SELinux denying access to clamd and pyzor

mdtiberi · **Joined:** Thu Jan 17, 2008 5:48 pm **Posts:** 124

I am getting a number of messages saying that both clamd and pyzor are being denied read access by SELinux.

Is this interfering with the operation of these programs? Should I disable SELinux for these apps?

Thanks much.

--------------------------------------------------------------
CentOS 5
Plesk 8.4.0

From SELinux -l yadayada:

avc: denied { getattr } for comm="pyzor" dev=md2 egid=103 euid=10017
exe="/usr/bin/python" exit=0 fsgid=103 fsuid=10017 gid=0 items=0
path="/var/spool/qscan/.pyzor/servers" pid=14457
scontext=user_u:system_r:pyzor_t:s0 sgid=103 subj=user_u:system_r:pyzor_t:s0
suid=10017 tclass=file tcontext=user_u:object_r:var_spool_t:s0 tty=(none)
uid=10017

scott · **Posted:** Thu Jun 12, 2008 6:27 pm

I turn SELinux off by default in the ASL kernels. In my professional opinion, its Cargo Cult Security

Besides, ASL has a powerful least privilege RBAC thats more secure and powerful that selinux, so really selinux is like grsecurity lite.

mdtiberi · **Joined:** Thu Jan 17, 2008 5:48 pm **Posts:** 124

scott wrote:

I turn SELinux off by default in the ASL kernels. In my professional opinion, its Cargo Cult Security

Thanks Scott, I ended up turning it off since for some reason I had it set to permissive mode - no point then.

SELinux denying access to clamd and pyzor

Who is online