apparmor regression blocking freshclam process info
Bug #1659223 reported by
Jean-Pierre van Riel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
clamav (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
Xenial |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Very much like, but a new regression with the same issue
https:/
The following IS in /etc/apparmor.
@{PROC}/filesystems r,
owner @{PROC}
And
$ ps -u clamav -f | more
UID PID PPID C STIME TTY TIME CMD
clamav 1348 1 0 08:38 ? 00:00:02 /usr/bin/freshclam -d --foregrou
nd=true
$ ls -l /proc/1348/status
-r--r--r-- 1 root root 0 Jan 25 08:38 /proc/1348/status
Shows that root owns the status file, not the clamav user.
Hence denied.
Changed in clamav (Ubuntu): | |
status: | New → Confirmed |
tags: | added: bitesize server-next |
Changed in clamav (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → Medium |
To post a comment you must log in.
Confirmed on xenial: 8.778:169) : apparmor="DENIED" operation="open" profile= "/usr/bin/ freshclam" name="/ proc/27262/ status" pid=27262 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=136 ouid=0
Aug 28 12:04:58 nsn7 kernel: [11101.452884] audit: type=1400 audit(150393269
(...) 309.82. 1.0.9B624057. ping.clamav. net clamd.conf
bytecode.cvd updated (version: 309, sigs: 69, f-level: 63, builder: bbaker)
Querying bytecode.
Database updated (6309018 signatures) from db.local.clamav.net (IP: 155.98.64.87)
ERROR: NotifyClamd: Can't find or parse configuration file /etc/clamav/
Not sure if the above error is related, though. A follow-up run doesn't fail, but probably because the db is up-to-date on disk.