AppArmor - Error Messages log files

Bug #1802498 reported by Edson José dos Santos on 2018-11-09
This bug affects 1 person
Affects: apparmor (Ubuntu) | Importance: Undecided | Assigned to: Unassigned

Bug Description

Hello Canonical team - Ubuntu

Eset Antivirus has some problems with apparmor.

In Eset I have observed in the last weeks that the updates are being carried out, but the logs that have been installed successfully, where it was in bold, no longer appear.

I also realize that these error messages below are constants and I would like to know what it is possible to do to resolve them, as they are due to mismatch with apparmor. Can Canonical and Eset work together to solve this problem?

Here is the log of Eset Antivirus for Linux Version 4.90 installed on Ubuntu 18.10 Cosmic and log dmesg of Ubuntu.

Thank you in advance for the attention and collaboration of all

Edson Santos

****************************

Obs: Most of these problems are caused by AppArmor, ESET v4 is not compatible with AppArmor/SELinux

I've tried to test things here and there, ESET still does do its job while AppArmor is enabled (I didn't try with AppArmor disabled), but it encounters lot of errors, and while scanning AppArmor will prevent ESET from accessing most files as far as I have noticed.

I don't know if there is a workaround for AppArmor to allow ESET, but I don't want to disable it and I don't want to remove ESET.

Thank you in advance for the attention and collaboration of all

Edson Santos

Another Linux user with the same problem in AppArmor. Access the link.

https://forum.eset.com/topic/17266-apparmorselinux-support/

Rami Hakim (ramihakim) wrote :

I don't know if Ubuntu can really help with this problem, it's not their problem, it's ESET's

Hello Rami

Can not both parties be able to let go of the ego and work together on this very important issue that is security for all Linux users?

I think so, there is only goodwill!

Let's wait and see if they have this.

Strong embrace Rami

Edson Santos


Rami Hakim (ramihakim) wrote :

Hey Edson,

ESET doesn't seem to have Linux on their priority because their Linux userbase seems to be small and not that big comparing to Windows / Mac,

When ESET v4 was released, AppArmor wasn't available back in the time it wasn't developed yet.
I'm not that experienced with AppArmor, but I think if one can properly configure AppArmor to work with ESET, it will work as far as I can imagine.

But the problem is from ESET's side, so they have made a program that doesn't work with SELinux, and not compatible with AppArmor.

I've been on this problem for a while now, and it seems that ESET is so quiet about any replies, So I wonder if Ubuntu team will take a look at this problem, I would be very glad if someone fixes it, even if it was a workaround but at least a fix.

Thanks.

On Wed, Nov 14, 2018 at 09:03:13AM -0000, Rami Hakim wrote:
> When ESET v4 was released, AppArmor wasn't available back in the time
> it wasn't developed yet.

While ESET the company predates AppArmor, AppArmor predates this specific
version of ESET NOD32 :)

https://web.archive.org/web/20000818164529/http://www.immunix.org:80/documentation.html#codomain

(Back in the 90s AppArmor was known as "CoDomain" and "SubDomain"
and started life as the "mighty morphin[g?] file system".)

> I'm not that experienced with AppArmor, but I think if one can properly
> configure AppArmor to work with ESET, it will work as far as I can
> imagine.

Probably yes, at least if ESET's code injections are relatively
straightforward and don't do anything too surprising. Policies will need
to be adapted to adjust for the injected code, but that's just the way it
is. Used resources must be enumerated.

> But the problem is from ESET's side, so they have made a program that
> doesn't work with SELinux, and not compatible with AppArmor.

I suspect the story on SELinux is similar -- they "just" need to modify
policy to recognize that all domains can communicate all types to the ESET
scanner. It would probably also require modifying policy to allow the code
injection to work in all domains.

> I've been on this problem for a while now, and it seems that ESET is so
> quiet about any replies, So I wonder if Ubuntu team will take a look at
> this problem, I would be very glad if someone fixes it, even if it was
> a workaround but at least a fix.

We're happy to address specific DENIED messages (though the apparmor mail
list would probably be the better venue) but are unlikely to prioritise
actually installing and configuring ESET ourselves.

https://lists.ubuntu.com/mailman/listinfo/apparmor

We're also unlikely to modify our default policies. The tradeoff between
MAC policy and AV is best made by individual sysadmins.

Thanks
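
The reply above asks for specific DENIED messages and notes that used resources must be enumerated. The following is an added example, not part of the original thread and not ESET's or Ubuntu's code: it parses AppArmor audit lines as they appear in dmesg and groups the denials per profile into draft file rules for a sysadmin to review. The log lines and the `/opt/example-av` and `/tmp/example-av.sock` paths are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines (not taken from the bug report).
# The /opt/example-av and /tmp/example-av.sock paths are placeholders.
SAMPLE_DMESG = """\
audit: type=1400 audit(1541760000.101:40): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd" pid=700 comm="apparmor_parser"
audit: type=1400 audit(1541760001.201:41): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/opt/example-av/lib/libscan.so" pid=901 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1541760001.202:42): apparmor="DENIED" operation="file_mmap" profile="/usr/sbin/cupsd" name="/opt/example-av/lib/libscan.so" pid=901 comm="cupsd" requested_mask="m" denied_mask="m" fsuid=0 ouid=0
audit: type=1400 audit(1541760001.303:43): apparmor="DENIED" operation="connect" profile="/usr/sbin/cupsd" name="/tmp/example-av.sock" pid=901 comm="cupsd" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
audit: type=1400 audit(1541760002.404:44): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=901 comm="cupsd" capability=12 capname="net_admin"
audit: type=1400 audit(1541760003.505:45): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/opt/example-av/lib/libscan.so" pid=950 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare_value pairs in an audit record
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denials(text):
    """Return one dict of audit fields per apparmor="DENIED" line."""
    events = []
    for line in text.splitlines():
        fields = {k: (q if q else u) for k, q, u in KV.findall(line)}
        if fields.get("apparmor") == "DENIED":
            events.append(fields)
    return events

def summarize(events):
    """Group file denials as profile -> path -> set of denied permission letters."""
    by_profile = defaultdict(lambda: defaultdict(set))
    other = []  # denials without a path (capabilities etc.) need separate review
    for ev in events:
        if "name" in ev and "denied_mask" in ev:
            by_profile[ev["profile"]][ev["name"]].update(ev["denied_mask"])
        else:
            other.append((ev["profile"], ev["operation"], ev.get("capname", "")))
    return by_profile, other

def candidate_rules(by_profile, profile):
    """Draft file rules for one profile; review them before adding to policy."""
    paths = by_profile.get(profile, {})
    return [f"{path} {''.join(sorted(perms))}," for path, perms in sorted(paths.items())]

if __name__ == "__main__":
    by_profile, other = summarize(parse_denials(SAMPLE_DMESG))
    for profile in sorted(by_profile):
        print(f"# profile {profile}")
        for rule in candidate_rules(by_profile, profile):
            print("  " + rule)
    for item in other:
        print("# non-file denial, review by hand:", item)
```
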

Rami Hakim (ramihakim) wrote :

Thank you for the explanation. I guess it's up to the user to fix those issues with AppArmor, or to wait for ESET to release an update that will make their AV work with AppArmor

Thanks again.
