apparmor denies freshclam access to /var/run/samba/gencache.tdb
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
clamav (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Intrepid |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: clamav
My /var/log/syslog gets this message every time when freshclam does an update:
Mar 21 04:14:53 fs1 kernel: [550646.547458] type=1503 audit(123763409
Why freshclam tries to read samba gencache.tdb in the first place?
My guess it may have to do with Samba setup as PDC which uses winbind and modified nsswitch.conf.
# /etc/nsswitch.conf
passwd: files ldap [UNAVAIL=return]
group: files ldap [UNAVAIL=return]
shadow: files ldap [UNAVAIL=return]
hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
#/etc/nsswitch.conf (END)
But there is no other package that goes to gencache.tdb directly, at least not from apparmor perspective.
Versions:
Ubuntu 8.10
clamav 0.94.dfsg.
clamav-freshclam 0.94.dfsg.
apparmor 2.3+1289-0ubuntu4.1
samba 2:3.2.3-1ubuntu3.4
winbind 2:3.2.3-1ubuntu3.4
Please try adding:
deny /var/run/ samba/gencache. tdb
to the freshclam apparmor profile. That will stop it being logged. The profile is:
/etc/apparmor. d/usr.bin. freshclam