Dave,
Now that you mention it, James Ralston put in a request to get the policy
updated awhile back.
Did a bit of searching and here's the bug report detailing the root of the
problem and a local policy fix which should resolve the policy issue for
everyone in the interim: https://bugzilla.redhat.com/show_bug.cgi?id=1464269
Hope that helps,
- Mickey
On Tue, Feb 19, 2019 at 11:49 AM Dave Lahn <david.lahn@forward3d.com> wrote:
> Mickey,
>
> Do you know what needs to be updated in the policies?
>
> Best regards,
> Dave
>
> On Thu, 14 Feb 2019 at 15:59, Mickey Sola <msola@sourcefire.com> wrote:
>
>> Hi all,
>>
>> I couldn't get this issue to reproduce on my test system, but I've put
>> together a very quick and dirty patch that *should* allow for clamd to
>> recover from an unexpected SELinux denial. It's not an ideal fix, but I'm
>> hoping it'll work as intended and will fit your needs until the policy is
>> updated. I've attached the patch here. Hoping you guys can test it out,
>> since I can't get the issue to reproduce reliably on a stock CentOS 7.6
>> install.
>>
>> - Mickey
>>
>> On Thu, Feb 14, 2019 at 10:54 AM Dave Lahn <david.lahn@forward3d.com>
>> wrote:
>>
>>> Hi,
>>>
>>> We are also seeing the same issue. Did anyone make any progress with
>>> this?
>>>
>>> The odd thing is, we aren't even seeing any denials in the audit log for
>>> SELinux, and we have the SELinux booleans set for ClamAV.
>>>
>>> When we try to do exclusions, we are also seeing things like this:
>>>
>>> "Permission denied to stat /proc/1111 to exclude UIDs... perhaps SELinux
>>> denial?"
>>>
>>> --
>>> *David Lahn*
>>> DevOps Engineer
>>> Development
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
> --
> *David Lahn*
> DevOps Engineer
> Development
> .
> .
> *FORWARD3D*
> <http://www.forward3d.com/?utm_source=Email-Signature&utm_campaign=staff-email-sigs&utm_content=F3D-URL>
> NEWS -
> <http://www.forward3d.com/news/latest/?utm_campaign=staff-email-sigs&utm_content=News&utm_source=email> EVENTS
> -
> <http://www.forward3d.com/events/?utm_source=email&utm_campaign=staff-email-sigs&utm_content=Events>
> OFFICES
> <http://www.forward3d.com/contact/london?utm_source=email&utm_campaign=staff-email-sigs&utm_content=Offices>
> Data Protection Policy
> <http://www.forward3d.com/terms-and-conditions/?utm_source=email&utm_campaign=staff-email-sigs&utm_content=Data-Policy>
> .
> Forward3D and PMX Agency <http://www.pmxagency.com> are uniting as
> ForwardPMX! <http://www.forwardpmx.com>
> .
> *PART OF THE STAGWELL GROUP *
> <http://www.stagwellgroup.com/?utm_source=F3D-Staff-Email-Signature&utm_campaign=Stagwell-URL>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Now that you mention it, James Ralston put in a request to get the policy
updated awhile back.
Did a bit of searching and here's the bug report detailing the root of the
problem and a local policy fix which should resolve the policy issue for
everyone in the interim: https://bugzilla.redhat.com/show_bug.cgi?id=1464269
Hope that helps,
- Mickey
On Tue, Feb 19, 2019 at 11:49 AM Dave Lahn <david.lahn@forward3d.com> wrote:
> Mickey,
>
> Do you know what needs to be updated in the policies?
>
> Best regards,
> Dave
>
> On Thu, 14 Feb 2019 at 15:59, Mickey Sola <msola@sourcefire.com> wrote:
>
>> Hi all,
>>
>> I couldn't get this issue to reproduce on my test system, but I've put
>> together a very quick and dirty patch that *should* allow for clamd to
>> recover from an unexpected SELinux denial. It's not an ideal fix, but I'm
>> hoping it'll work as intended and will fit your needs until the policy is
>> updated. I've attached the patch here. Hoping you guys can test it out,
>> since I can't get the issue to reproduce reliably on a stock CentOS 7.6
>> install.
>>
>> - Mickey
>>
>> On Thu, Feb 14, 2019 at 10:54 AM Dave Lahn <david.lahn@forward3d.com>
>> wrote:
>>
>>> Hi,
>>>
>>> We are also seeing the same issue. Did anyone make any progress with
>>> this?
>>>
>>> The odd thing is, we aren't even seeing any denials in the audit log for
>>> SELinux, and we have the SELinux booleans set for ClamAV.
>>>
>>> When we try to do exclusions, we are also seeing things like this:
>>>
>>> "Permission denied to stat /proc/1111 to exclude UIDs... perhaps SELinux
>>> denial?"
>>>
>>> --
>>> *David Lahn*
>>> DevOps Engineer
>>> Development
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users@lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
>
>
> --
> *David Lahn*
> DevOps Engineer
> Development
> .
> .
> *FORWARD3D*
> <http://www.forward3d.com/?utm_source=Email-Signature&utm_campaign=staff-email-sigs&utm_content=F3D-URL>
> NEWS -
> <http://www.forward3d.com/news/latest/?utm_campaign=staff-email-sigs&utm_content=News&utm_source=email> EVENTS
> -
> <http://www.forward3d.com/events/?utm_source=email&utm_campaign=staff-email-sigs&utm_content=Events>
> OFFICES
> <http://www.forward3d.com/contact/london?utm_source=email&utm_campaign=staff-email-sigs&utm_content=Offices>
> Data Protection Policy
> <http://www.forward3d.com/terms-and-conditions/?utm_source=email&utm_campaign=staff-email-sigs&utm_content=Data-Policy>
> .
> Forward3D and PMX Agency <http://www.pmxagency.com> are uniting as
> ForwardPMX! <http://www.forwardpmx.com>
> .
> *PART OF THE STAGWELL GROUP *
> <http://www.stagwellgroup.com/?utm_source=F3D-Staff-Email-Signature&utm_campaign=Stagwell-URL>
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>