After upgrade, clamav's clamd gives "ERROR: initgroups() failed."

Bug #433764 reported by glenstewart on 2009-09-21
24
This bug affects 4 people
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Undecided
Unassigned

Bug Description

Binary package hint: clamav

apparmor's usr.sbin.clamd file has an incomplete setting to allow clamd to run.

In /etc/apparmor.d/usr.sbin.clamd

...add this line: capability dac_override,

...after
/usr/sbin/clamd {
  #include <abstractions/base>
  #include <abstractions/nameservice>

Then do:

sudo /etc/init.d/apparmor reload
sudo /etc/init.d/clamav-daemon start

Related branches

Marc Deslauriers (mdeslaur) wrote :

This is only needed if the default configuration is modified to run clam with the root user. This may be required in certain situations where the AllowSupplementaryGroups option is needed.

We should add the dac_override capability to the apparmor profile.

Changed in clamav (Ubuntu):
status: New → Confirmed
Scott Kitterman (kitterman) wrote :

Uploaded and waiting for release team review.

Changed in clamav (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.95.2+dfsg-4ubuntu4

---------------
clamav (0.95.2+dfsg-4ubuntu4) karmic; urgency=low

  [ Scott Kitterman ]
  * Apparmor profile fixes (reviewed by Ubuntu Security):
    - Allow clamav-daemon access to the home directory of the user running it
      and update README.Debian to explain the need to adjust the apparmor
      profile for it to scan elsewhere (LP: #450250)
    - Add capability dac_override to clamav-daemon profile to allow
      AllowSupplementaryGroups to work (LP: #433764)
  * Cherry pick packaging bug fixes from pkg-clamav git

  [ Stephen Gran ]
  * Make all references to the milter socket reference the same path
    - b71e1a26bafb0df532df2673fcd1cd53bc6952bd
  * Read default file once (LP: #430421)
    - 86b421dac00e49abb8e5907b9e952e33e83b7aec

  [ Michael Meskes ]
  * Fixed LSB header information. (Closes: #546450) - thanks to Petter
    Reinholdtsen <email address hidden>
    - 3f59d827d1e54ce1efcb7e050c57866ccdfaedae

  [ Michael Tautschnig ]
  * Remove all remaining files during purge
    - 4132426753b674dd9c622f1c0501703ed987a239

 -- Scott Kitterman <email address hidden> Sat, 24 Oct 2009 12:34:00 -0400

Changed in clamav (Ubuntu):
status: Fix Committed → Fix Released

I suspect that the problem is still there.
The fix has been released, but the same error message is still there.

I have a freshy installed clamav-daemon
sudo apt-get install clamav-daemon

Look what I have got:

anatoly@NLANGo:~$ clamd
ERROR: Can't open /var/log/clamav/clamav.log in append mode (check permissions!).
ERROR: Can't initialize the internal logger
anatoly@NLANGo:~$ sudo clamd
[sudo] password for anatoly:
ERROR: initgroups() failed.
anatoly@NLANGo:~$ clamd -V
ClamAV 0.95.3/11104/Sun May 30 14:38:16 2010

I am running Ubuntu 9.10, i386
I will try to add some additional information to this bug report using apport-collect command on my computer.

Architecture: i386
DistroRelease: Ubuntu 9.10
Package: clamd (not installed)
ProcEnviron:
 SHELL=/bin/bash
 LANG=ru_RU.UTF-8
 LANGUAGE=ru_RU.UTF-8
ProcVersionSignature: Ubuntu 2.6.31-21.59-generic
Uname: Linux 2.6.31-21-generic i686
UserGroups: adm admin audio cdrom dialout fuse lpadmin netdev plugdev sambashare

tags: added: apport-collected

What happens if you do:

sudo /etc/init.d/clamav-daemon start

Scott,
here is a reply to your question:

anatoly@NLANGo:~$ sudo /etc/init.d/clamav-daemon start
[sudo] password for anatoly:
 * Starting ClamAV daemon clamd /usr/sbin/clamd already running.
                                                                         [ OK ]

Scott Kitterman (kitterman) wrote :

Not a bug then. Thats the correct way to start clamd. If you want something a user can run, see clamdscan or clamscan.

Scott Steele (ssteele-o) wrote :

I am getting the same problem 'After upgrade, clamav's clamd gives "ERROR: initgroups() failed."' upgrading to clamav 0.96.5+dfsg-1ubuntu1.10.10.2. This is the latest version using apt-get. The recommended fix is in place in /etc/apparmor.d/usr.sbin.clamd.

corp-postfix:~$ sudo /usr/sbin/clamd VERSION
ERROR: initgroups() failed.

Thank you.

Scott Steele (ssteele-o) wrote :

Ignore my post. Thank you.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers