[Pkg-clamav-devel] Bug#902601: marked as done (freshclam apparmor profile prevents some operations)

[Debian Bug Tracking System]

Your message dated Wed, 11 Jul 2018 22:19:01 +0000
with message-id <e1fdnrt-0002jv...@fasolo.debian.org>
and subject line Bug#902601: fixed in clamav 0.100.1+dfsg-1
has caused the Debian Bug report #902601,
regarding freshclam apparmor profile prevents some operations
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
902601: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902601
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: clamav-freshclam
Version: 0.100.0+dfsg-1
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu cosmic ubuntu-patch

Hi,

We've received a downstream report of the following AppArmor denial:

Jun 26 16:31:12 localhost kernel: [21690.397358] audit: type=1400 
audit(1530048672.329:116): apparmor="DENIED" operation="rename_src" 
profile="/usr/bin/freshclam" name="/var/log/clamav/freshclam.log" pid=2604 
comm="freshclam" requested_mask="r" denied_mask="r" fsuid=121 ouid=121

The suggestion is to change, in debian/usr.bin.freshclam:

  /var/log/clamav/* kw,

to:

  /var/log/clamav/* krw,

Downstream bug:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1778812

Upstream discussion:
https://lists.ubuntu.com/archives/apparmor/2018-June/011711.html

Here's the patch:

diff --git a/debian/usr.bin.freshclam b/debian/usr.bin.freshclam
index de970a4..90490ac 100644
--- a/debian/usr.bin.freshclam
+++ b/debian/usr.bin.freshclam
@@ -32,7 +32,7 @@
   /var/lib/clamav/ r,
   /var/lib/clamav/** krw,
 
-  /var/log/clamav/* kw,
+  /var/log/clamav/* krw,
   /{,var/}run/clamav/freshclam.pid w,
   /{,var/}run/clamav/clamd.ctl rw,

I haven't verified this, but it seems trivial and reasonable enough that
I think it should be fine just to land.

Thanks,

Robie

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: clamav
Source-Version: 0.100.1+dfsg-1

We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 902...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebast...@breakpoint.cc> (supplier of updated clamav 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Jul 2018 21:44:30 +0200
Source: clamav
Binary: clamav-base clamav-docs clamav libclamav-dev libclamav7 clamav-daemon 
clamdscan clamav-testfiles clamav-freshclam clamav-milter
Architecture: source
Version: 0.100.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: ClamAV Team <pkg-clamav-de...@lists.alioth.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Description:
 clamav     - anti-virus utility for Unix - command-line interface
 clamav-base - anti-virus utility for Unix - base package
 clamav-daemon - anti-virus utility for Unix - scanner daemon
 clamav-docs - anti-virus utility for Unix - documentation
 clamav-freshclam - anti-virus utility for Unix - virus database update utility
 clamav-milter - anti-virus utility for Unix - sendmail integration
 clamav-testfiles - anti-virus utility for Unix - test files
 clamdscan  - anti-virus utility for Unix - scanner client
 libclamav-dev - anti-virus utility for Unix - development files
 libclamav7 - anti-virus utility for Unix - library
Closes: 902601
Changes:
 clamav (0.100.1+dfsg-1) unstable; urgency=medium
 .
   [ Scott Kitterman ]
   * Only create clamav user during clamav-base install if it does not exist
     (LP: #121872)
     - Thanks to Shane Williams for the patch
   * Remove spurious debian/changelog entry for the above change from the
     0.100.0~beta+dfsg-1 entry since the change was not actually included
 .
   [ Sebastian Andrzej Siewior ]
   * Import new upstream.
   * Bump symbol version due to new version.
   * Add read permission for freshclam on /var/log in the apparmor profile.
     Thanks to Robie Basak (Closes: #902601).
   * Bump standards-version to 4.1.5 without further change
Checksums-Sha1:
 0634db5220d90802434aa810cc56a0f5f0b9eee2 2964 clamav_0.100.1+dfsg-1.dsc
 b070d819823d049a49d09837beafe166da264c41 5476520 
clamav_0.100.1+dfsg.orig.tar.xz
 53c4c59c3d4a0d99a7bffa5f8cceb66ee29ce03c 216620 
clamav_0.100.1+dfsg-1.debian.tar.xz
 1bf8adad00b96fb1148a88f55d2796ffb656c08b 7127 
clamav_0.100.1+dfsg-1_source.buildinfo
Checksums-Sha256:
 cea50476c79b83eff7394ac4a9c18b2bc4c66e0aac6c548fd30a67bcc3ba201a 2964 
clamav_0.100.1+dfsg-1.dsc
 e345c44a0596075480eb04e9dd1a6ffa7901a455fe05bec188801e929380028a 5476520 
clamav_0.100.1+dfsg.orig.tar.xz
 d85f42f51694cbeffb3c44d7cba1740cb73e976f7fd03dca8a26c3b2b6c4a453 216620 
clamav_0.100.1+dfsg-1.debian.tar.xz
 2dd7c56156541b89be037c15ee8f577871af2eb265ded5a57ef24a793b89028b 7127 
clamav_0.100.1+dfsg-1_source.buildinfo
Files:
 145e20d6227efb4a3cf93ee34f518e68 2964 utils optional clamav_0.100.1+dfsg-1.dsc
 543aa0ec3bfb4e5e0340f0fe103b4c00 5476520 utils optional 
clamav_0.100.1+dfsg.orig.tar.xz
 415539b3c2edb634e467e7ef61d35b44 216620 utils optional 
clamav_0.100.1+dfsg-1.debian.tar.xz
 f99310ddd91b5446bbd2e52a7b423d88 7127 utils optional 
clamav_0.100.1+dfsg-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErHvQgQWZUb1RregAT+XjJihy5MwFAltGfQgACgkQT+XjJihy
5Mznog//UQHLTRBvHwJ1Bcm+M5e1/snM4S2c+LhwAXNezvzcylHxACrEk6YOOdpF
Dr5HZvOD0w+g4Oa+Jo03+tJDQCL9c8vDzF8NvatB9QXjgFNqC3kPBXrb4nJNxC6R
8MXijNodTHpEu6E+stAPP+Z3X/AEXASZBMkkZfi2glM94rKOPw13ZahGRqNgWT/w
gbSKe/OxKsRupxEzlxHSbN/p+y8aCVRh/OgC893oUScTo+BIxnl4iyaZeC3rtJAC
4mnixBSia1z9cwLHMffR71p9RPNnHdx2zt9EQoPmgZgxaxzZ1qh9Iw/ttxKGCEtD
RAW8/FuClNcSvf5GcU1jUROYz6Hx+cTNDHY4ITw+5pV/OAhAhOh4xeVszKueYuVs
YDWCugE6z62tzGWhKLljfd0MPxrhvrBnRmqsI4mHZ6c55DB+Pj95plL61TpyoPLD
3KNj8aOP/C7fbNMGVQVvbmhtmS5lMiOa1rz8Dpui0AvJbMVXwP1KXnxCG/P7Vmi7
Dg2ILo9MNWlLU25EG/qlbAf8cXnYR3DOnrvU9W8rVdnxMNvgvBx3ZMDtzxTkNw7c
U7/ntXF9ZMgtD4gjiA3vqNSFakBF2M/UDOUpuNFPy2hpqViOSX5hpbFLnJwDE1BP
1EB/9pWpEVSKyFz7O7UkcNqxMYrAkjGBsQw+3YSNBuKqUY2WmMg=
=GEPg
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
Pkg-clamav-devel mailing list
Pkg-clamav-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-clamav-devel