Dave,

Now that you mention it, James Ralston put in a request to get the policy updated awhile back.

Did a bit of searching and here's the bug report detailing the root of the problem and a local policy fix which should resolve the policy issue for everyone in the interim: https://bugzilla.redhat.com/show_bug.cgi?id=1464269

Hope that helps,

- Mickey

On Tue, Feb 19, 2019 at 11:49 AM Dave Lahn <david.lahn@forward3d.com> wrote:
Mickey,

Do you know what needs to be updated in the policies?

Best regards,
Dave

On Thu, 14 Feb 2019 at 15:59, Mickey Sola <msola@sourcefire.com> wrote:
Hi all,

I couldn't get this issue to reproduce on my test system, but I've put together a very quick and dirty patch that *should* allow for clamd to recover from an unexpected SELinux denial. It's not an ideal fix, but I'm hoping it'll work as intended and will fit your needs until the policy is updated. I've attached the patch here. Hoping you guys can test it out, since I can't get the issue to reproduce reliably on a stock CentOS 7.6 install.

- Mickey

On Thu, Feb 14, 2019 at 10:54 AM Dave Lahn <david.lahn@forward3d.com> wrote:
Hi,

We are also seeing the same issue. Did anyone make any progress with this? 

The odd thing is, we aren't even seeing any denials in the audit log for SELinux, and we have the SELinux booleans set for ClamAV.

When we try to do exclusions, we are also seeing things like this:

"Permission denied to stat /proc/1111 to exclude UIDs... perhaps SELinux denial?"

--
David Lahn
DevOps Engineer
Development
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


--
David Lahn
DevOps Engineer
Development
.
.
FORWARD3D
.
Forward3D and PMX Agency are uniting as ForwardPMX!
.
PART OF THE STAGWELL GROUP 
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml