dtwvr26066
dtwvr26066
2018-07-24 14:07
浏览 387
已采纳

CentOS 7无法连接clamd.sock文件(权限被拒绝错误)

I am trying to scan uploaded files on PHP server using clamAV. I've installed ClamAV on my server (Centos 7). Currently, I am using PHP 7, so I am using Clamd socket connection to scan uploaded files. I've enabled PHP sockets, clamd.sock file is present at /var/run/clamd.scan/ folder with apache owner.

My Socket connection code -

        $socket = socket_create(AF_UNIX, SOCK_STREAM, 0);

        if(socket_connect($socket, '/var/run/clamd.scan/clamd.sock')) {
            return $socket;
        }

When I try to run above code on the browser I am getting error as socket_connect(): unable to connect [13]: Permission denied, But if I run the PHP code through command line with a user as root it is working fine.

I know there is some issue with SELinux policy with Centos as if I disable SELinux policy everything is working fine from the browser as well. I have checked httpd_can_network_connect --> on and antivirus_can_scan_system --> on both are on.

The issue is with accessing anything inside /var/run/ folder for apache user, there is something (some policy) from SELinux which is stopping apache to connect to clamd socket file. Any ideas?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • du521521521
    du521521521 2018-09-28 12:26
    已采纳

    After debugging, got to know that this is SELinux policy issue. You need to enable daemons_enable_cluster_mode policy in SELinux.

    To Enable daemons_enable_cluster_mode:

    setsebool -P daemons_enable_cluster_mode 1
    

    This will allow executing ClamAV scan through another service like Apache in my case.

    点赞 评论

相关推荐