1

On my nginx server, the uploaded files context are set as:

-rw-rw-r--. nginx nginx system_u:object_r:httpd_sys_rw_content_t:s0 eicar.sh.pdf

Right after upload, clamscan runs to verify the file using php exec() as an nginx user. 

/usr/bin/clamscan --quiet --remove /opt/myserver/files/eicar.sh.pdf

And this throws a SeLinux write access denial, when clamscan tries to delete that file (its a EICAR test file).

The audit logs suggests to create a policy which i am not in favor of:

# ausearch -c 'clamscan' --raw | audit2allow -M my-clamscan
# semodule -i my-clamscan.pp

These are already set:

sudo setsebool -P antivirus_can_scan_system 1
sudo setsebool -P antivirus_use_jit 1

Q: Is there is a way to fix this via file context, but don't want to loose the current context httpd_sys_rw_content_t for the files.

Improve this question

1 Answer 1

Reset to default
1

Setting antivirus_t as permissive worked. This makes SeLinux to not to enforce its policies for all antivirus.

sudo semanage permissive -a antivirus_t
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.