0

How do I end SELinux reports of the same incident reappearing every day?

asked 2015-04-14 09:44:03 -0600

I scanned three Fedora 21 systems with ClamAV (scanned the entire system), and on all three I keep getting notified about some SELinux access-denied reads from that scan (not a new scan). It's annoying to get those when I've said "ignore" in the troubleshooter, but it still notifies me every day again.

Here is the command:

clamscan -r -i --remove --exclude=/proc --exclude=/sys --exclude=/dev --max-filesize=4000M --max-scansize=4000M --bytecode-timeout=190000 /

Comments

1

Telling SELinux to ignore an error only tells it to ignore that instance of the error; if it comes up again, you'll be notified again. It also tells you how to create a custom policy if you think the action should be allowed, or report it as a bug if you think that the program's doing something wrong. Have you tried either of these actions?

sideburns ( 2015-04-15 01:30:00 -0600 )

@sideburns The folders looked like they had the same name in the notification and I didn't scan the system prior to it. And after setsebool -P antivirus_can_scan_system 1 they haven't appeared again.

somethingSomething ( 2015-04-15 05:47:54 -0600 )

1 Answer

1

answered 2015-04-14 12:07:39 -0600

Try:

setsebool -P antivirus_can_scan_system 1

This came from man antivirus_selinux, which I was directed to from man clamscan_selinux, which I found with the command apropos clam. These manpages come from the policycoreutils-devel package.


Comments

@randomuser I mean to read more up on man-pages and such, I also have quite a few books on diverse IT, but usually I use Google, and if I don't find answers there I ask on forums. I tried your commands on two of the systems and will accept if the notifications don't reappear.

somethingSomething ( 2015-04-14 14:59:23 -0600 )
1

Yeah, no judgment here for not looking at those manpages first; there is a lot of stuff out there to sift through. I only cited them to provide a more complete answer.

randomuser ( 2015-04-14 15:01:22 -0600 )

@randomuser Thanks a lot for that and the answer.

somethingSomething ( 2015-04-14 15:02:56 -0600 )
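
Added example (not part of the original thread): to see which denials the scanner actually produces before and after changing the boolean, the function below groups AVC records for one command by permission, target type and class. The sample records are constructed, and summarize_avc_denials and sample_audit_log are names made up for this example.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one command name.
# On a real system, feed it audit records, for instance:
#   ausearch -m avc -c clamscan --raw | summarize_avc_denials clamscan

summarize_avc_denials() {
    # $1 = command name as it appears in comm="..."; audit records on stdin.
    # Prints "<count> <permissions> <target type> <class>", most frequent first.
    awk -v comm="$1" '
        /avc:[ ]+denied/ && index($0, "comm=\"" comm "\"") {
            perm = ""; ttype = ""; tclass = ""
            # The denied permissions sit between the braces: { read } or { read open }
            o = index($0, "{"); c = index($0, "}")
            if (o > 0 && c > o) {
                perm = substr($0, o + 1, c - o - 1)
                gsub(/^ +| +$/, "", perm)
                gsub(/ +/, ",", perm)
            }
            for (i = 1; i <= NF; i++) {
                # tcontext=user:role:type:level, the type is the third part
                if ($i ~ /^tcontext=/) { split($i, ctx, ":"); ttype = ctx[3] }
                if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
            }
            seen[perm " " ttype " " tclass]++
        }
        END { for (k in seen) print seen[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample records (not taken from the systems in the question).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1429026243.101:501): avc:  denied  { read } for  pid=2211 comm="clamscan" name="shadow" dev="dm-1" ino=1311 scontext=system_u:system_r:antivirus_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1429112643.207:733): avc:  denied  { read } for  pid=3580 comm="clamscan" name="shadow" dev="dm-1" ino=1311 scontext=system_u:system_r:antivirus_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1429026250.044:509): avc:  denied  { read open } for  pid=2211 comm="clamscan" name="audit" dev="dm-1" ino=2044 scontext=system_u:system_r:antivirus_t:s0 tcontext=system_u:object_r:auditd_log_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1429026300.500:520): avc:  denied  { read } for  pid=900 comm="httpd" name="shadow" dev="dm-1" ino=1311 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1429026243.101:501): arch=c000003e syscall=2 success=no exit=-13 comm="clamscan" exe="/usr/bin/clamscan"
EOF
}

# Stand-alone run over the constructed sample.
sample_audit_log | summarize_avc_denials clamscan
```

An identical denial showing up under a new timestamp, as in the first two sample records, is a new event as far as the troubleshooter is concerned, which matches what the first comment describes.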
