← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #68824

[Bug 1404762] Re: apparmor profile usr.sbin.clamd does not allow ScanOnAccess via fanotify

  Thread PreviousDate PreviousThread Next 
Now, that on-access scan seems to be working, I tried some cases:
No detections when I copied some Eicar files around in subfolders of /home/hartwig. However, I got a detection when I placed an Eicar file directly into that folder (mentioned in /var/log/clamav/clamav.log). It looks like that only the folder mentioned in the OnAccessIncludePath parameter is scanned, but no subfolders. Any way to include subfolders?

However, this behaviour does not seem to be connected to apparmor, so it
is off-topic for this bug. I put my observations into the original
clamav question
https://answers.launchpad.net/ubuntu/+source/clamav/+question/263109.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1404762

Title:
  apparmor profile usr.sbin.clamd does not allow ScanOnAccess via
  fanotify

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  I tried to enable the ScanOnAccess option in /etc/clamav.conf to get
  on-access scanning.

  Doing so, /var/log/clamav/clamav.log tells me:
  ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
  ScanOnAccess: clamd must be started by root

  Setting User to root in /etc/clamav/clamd.conf
  makes the clamav-daemon to fail with

  service clamav-daemon start
   * Starting ClamAV daemon clamd
  ERROR: initgroups() failed.

  I had to disable the apparmor.profile with a
  cd /etc/apparmor.d/disable
  ln -s ./../usr.sbin.clamd

  Then, the "ERROR: initgroups() failed." disappears.

  The apparmor itself came via apt-get packages. I did not edit it.

  Description:	Ubuntu 14.04.1 LTS
  Release:	14.04

  apt-cache policy apparmor-profiles
  apparmor-profiles:
    Installiert:           (keine)
    Installationskandidat: 2.8.95~2430-0ubuntu5.1
    Versionstabelle:
       2.8.95~2430-0ubuntu5.1 0
          500 http://de.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
       2.8.95~2430-0ubuntu5 0
          500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: apparmor-profiles (not installed)
  ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
  Uname: Linux 3.13.0-43-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  Date: Mon Dec 22 01:23:04 2014
  InstallationDate: Installed on 2014-11-29 (22 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  ProcEnviron:
   LANGUAGE=de_DE
   TERM=xterm
   PATH=(custom, no user)
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/@/boot/vmlinuz-3.13.0-43-generic root=UUID=6408c2d9-1b60-43d7-9a7f-2dceeb40de28 ro rootflags=subvol=@ quiet splash vt.handoff=7
  SourcePackage: apparmor
  Syslog:
   
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1404762/+subscriptions

References

  Thread PreviousDate PreviousThread Next