| 2014-04-27 08:41:47 |
Matthijs van Wageningen |
bug |
|
|
added bug |
| 2014-04-27 14:48:58 |
Scott Kitterman |
clamav (Ubuntu): importance |
Undecided |
Medium |
|
| 2014-04-27 15:01:44 |
Scott Kitterman |
clamav (Ubuntu): status |
New |
Triaged |
|
| 2014-04-27 17:22:58 |
Scott Kitterman |
clamav (Ubuntu): assignee |
|
Tyler Hicks (tyhicks) |
|
| 2014-04-27 17:23:13 |
Scott Kitterman |
clamav (Ubuntu): importance |
Medium |
High |
|
| 2014-04-28 21:13:00 |
Tyler Hicks |
attachment added |
|
clamav_0.98.1+dfsg-5ubuntu2.debdiff https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1313282/+attachment/4099894/+files/clamav_0.98.1%2Bdfsg-5ubuntu2.debdiff |
|
| 2014-04-28 21:31:30 |
Scott Kitterman |
nominated for series |
|
Ubuntu Utopic |
|
| 2014-04-28 21:31:30 |
Scott Kitterman |
bug task added |
|
clamav (Ubuntu Utopic) |
|
| 2014-04-28 21:31:30 |
Scott Kitterman |
nominated for series |
|
Ubuntu Trusty |
|
| 2014-04-28 21:31:30 |
Scott Kitterman |
bug task added |
|
clamav (Ubuntu Trusty) |
|
| 2014-04-28 21:31:41 |
Scott Kitterman |
clamav (Ubuntu Trusty): status |
New |
Fix Committed |
|
| 2014-04-28 21:31:48 |
Scott Kitterman |
clamav (Ubuntu Trusty): status |
Fix Committed |
In Progress |
|
| 2014-04-28 21:31:54 |
Scott Kitterman |
clamav (Ubuntu Utopic): status |
Triaged |
Fix Committed |
|
| 2014-04-28 21:32:00 |
Scott Kitterman |
clamav (Ubuntu Trusty): importance |
Undecided |
High |
|
| 2014-04-28 21:32:03 |
Scott Kitterman |
clamav (Ubuntu Trusty): assignee |
|
Scott Kitterman (kitterman) |
|
| 2014-04-28 21:32:06 |
Scott Kitterman |
clamav (Ubuntu Trusty): milestone |
|
ubuntu-14.04.1 |
|
| 2014-04-28 21:40:28 |
Tyler Hicks |
description |
Not sure if this is a bug, or by design (but I would like some clarification)
I recently upgraded my Ubuntu server to 14.04 LTS and notice some error messages regarding Apparmor and Freshclam.
So far I know I didn't had these error message with the previous version (13.10).
Syslog reports:
kernel: [ 113.304926] type=1400 audit(1398085083.946:37): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/clamav/clamd.ctl" pid=2372 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
Freshclam log reports:
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl
Any reason why freshclam may not read the clamd.ctl?
Of course clamd will detect database update and force reload.
But should freshclam not be able to notify clamd? |
[Description]
Freshclam is not able to notify clamd about new databases because AppArmor
prevents it from connecting to the clamd socket. Clamd will still detect the
database update and force reload, but freshclam should be able to notify clamd.
AppArmor fixed a bug (LP: #1208988) in its path-based UNIX domain socket
mediation in Saucy. AppArmor now requires both read and write permissions for
those socket paths but freshclam's profile only grants write permission.
I recently upgraded my Ubuntu server to 14.04 LTS and notice some error
messages regarding Apparmor and Freshclam. So far I know I didn't had these
error message with the previous version (13.10).
Syslog reports:
kernel: [ 113.304926] type=1400 audit(1398085083.946:37): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/clamav/clamd.ctl" pid=2372 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
Freshclam log reports:
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl
[Test Case]
* Make sure that /etc/clamav/freshclam.conf contains this line:
NotifyClamd /etc/clamav/clamd.conf
* Manually remove the main database file
$ sudo rm /var/lib/clamav/main.cvd
* Run freshclam
$ sudo freshclam
* Verify the following:
1) It was successful
2) There were no warnings about clamd not being notified (see Description)
3) There were no AppArmor denials in the system logs (See Description)
[Regression Potential]
There is essentially no regression potential since we're only loosening up the
freshclam AppArmor profile by adding read permission on the clamd socket. |
|
| 2014-04-28 21:42:15 |
Scott Kitterman |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
| 2014-04-28 21:43:27 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/utopic-proposed/clamav |
|
| 2014-04-28 21:43:39 |
Tyler Hicks |
description |
[Description]
Freshclam is not able to notify clamd about new databases because AppArmor
prevents it from connecting to the clamd socket. Clamd will still detect the
database update and force reload, but freshclam should be able to notify clamd.
AppArmor fixed a bug (LP: #1208988) in its path-based UNIX domain socket
mediation in Saucy. AppArmor now requires both read and write permissions for
those socket paths but freshclam's profile only grants write permission.
I recently upgraded my Ubuntu server to 14.04 LTS and notice some error
messages regarding Apparmor and Freshclam. So far I know I didn't had these
error message with the previous version (13.10).
Syslog reports:
kernel: [ 113.304926] type=1400 audit(1398085083.946:37): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/clamav/clamd.ctl" pid=2372 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
Freshclam log reports:
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl
[Test Case]
* Make sure that /etc/clamav/freshclam.conf contains this line:
NotifyClamd /etc/clamav/clamd.conf
* Manually remove the main database file
$ sudo rm /var/lib/clamav/main.cvd
* Run freshclam
$ sudo freshclam
* Verify the following:
1) It was successful
2) There were no warnings about clamd not being notified (see Description)
3) There were no AppArmor denials in the system logs (See Description)
[Regression Potential]
There is essentially no regression potential since we're only loosening up the
freshclam AppArmor profile by adding read permission on the clamd socket. |
[Impact]
Freshclam is not able to notify clamd about new databases because AppArmor
prevents it from connecting to the clamd socket. Clamd will still detect the
database update and force reload, but freshclam should be able to notify clamd.
AppArmor fixed a bug (LP: #1208988) in its path-based UNIX domain socket
mediation in Saucy. AppArmor now requires both read and write permissions for
those socket paths but freshclam's profile only grants write permission.
I recently upgraded my Ubuntu server to 14.04 LTS and notice some error
messages regarding Apparmor and Freshclam. So far I know I didn't had these
error message with the previous version (13.10).
Syslog reports:
kernel: [ 113.304926] type=1400 audit(1398085083.946:37): apparmor="DENIED" operation="connect" profile="/usr/bin/freshclam" name="/run/clamav/clamd.ctl" pid=2372 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
Freshclam log reports:
WARNING: Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl
[Test Case]
* Make sure that /etc/clamav/freshclam.conf contains this line:
NotifyClamd /etc/clamav/clamd.conf
* Manually remove the main database file
$ sudo rm /var/lib/clamav/main.cvd
* Run freshclam
$ sudo freshclam
* Verify the following:
1) It was successful and printed "Clamd successfully notified about the
update."
2) There were no warnings about clamd not being notified (see Impact)
3) There were no AppArmor denials in the system logs (see Impact)
[Regression Potential]
There is essentially no regression potential since we're only loosening up the
freshclam AppArmor profile by adding read permission on the clamd socket. |
|
| 2014-04-28 22:03:13 |
Brian Murray |
clamav (Ubuntu Trusty): status |
In Progress |
Fix Committed |
|
| 2014-04-28 22:03:18 |
Brian Murray |
bug |
|
|
added subscriber SRU Verification |
| 2014-04-28 22:03:27 |
Brian Murray |
tags |
apparmor clamav freshclam |
apparmor clamav freshclam verification-needed |
|
| 2014-04-28 22:30:49 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/trusty-proposed/clamav |
|
| 2014-04-29 02:57:36 |
Launchpad Janitor |
clamav (Ubuntu Utopic): status |
Fix Committed |
Fix Released |
|
| 2014-04-29 06:48:09 |
Scott Kitterman |
tags |
apparmor clamav freshclam verification-needed |
apparmor clamav freshclam verification-done |
|
| 2014-05-01 13:31:59 |
chrmhoffmann |
bug |
|
|
added subscriber chrmhoffmann |
| 2014-05-04 04:48:40 |
Launchpad Janitor |
branch linked |
|
lp:debian/experimental/clamav |
|
| 2014-05-05 18:46:03 |
Launchpad Janitor |
clamav (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
| 2014-05-05 18:46:11 |
Scott Kitterman |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
| 2016-10-17 23:30:22 |
Jared Fernandez |
bug |
|
|
added subscriber Jared Fernandez |
