dtwvr26066 2018-07-24 14:07
浏览 590
已采纳

CentOS 7无法连接clamd.sock文件(权限被拒绝错误)

I am trying to scan uploaded files on PHP server using clamAV. I've installed ClamAV on my server (Centos 7). Currently, I am using PHP 7, so I am using Clamd socket connection to scan uploaded files. I've enabled PHP sockets, clamd.sock file is present at /var/run/clamd.scan/ folder with apache owner.

My Socket connection code -

        $socket = socket_create(AF_UNIX, SOCK_STREAM, 0);

        if(socket_connect($socket, '/var/run/clamd.scan/clamd.sock')) {
            return $socket;
        }

When I try to run above code on the browser I am getting error as socket_connect(): unable to connect [13]: Permission denied, But if I run the PHP code through command line with a user as root it is working fine.

I know there is some issue with SELinux policy with Centos as if I disable SELinux policy everything is working fine from the browser as well. I have checked httpd_can_network_connect --> on and antivirus_can_scan_system --> on both are on.

The issue is with accessing anything inside /var/run/ folder for apache user, there is something (some policy) from SELinux which is stopping apache to connect to clamd socket file. Any ideas?

  • 写回答

1条回答 默认 最新

  • du521521521 2018-09-28 12:26
    关注

    After debugging, got to know that this is SELinux policy issue. You need to enable daemons_enable_cluster_mode policy in SELinux.

    To Enable daemons_enable_cluster_mode:

    setsebool -P daemons_enable_cluster_mode 1
    

    This will allow executing ClamAV scan through another service like Apache in my case.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 MATLAB怎么通过柱坐标变换画开口是圆形的旋转抛物面?
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题
  • ¥20 求一个html代码,有偿