Public bug reported:
I tried to enable the ScanOnAccess option in /etc/clamav.conf to get on-
access scanning.
Doing so, /var/log/clamav/clamav.log tells me:
ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
ScanOnAccess: clamd must be started by root
Setting User to root in /etc/clamav/clamd.conf
makes the clamav-daemon to fail with
service clamav-daemon start
* Starting ClamAV daemon clamd
ERROR: initgroups() failed.
I had to disable the apparmor.profile with a
cd /etc/apparmor.d/disable
ln -s ./../usr.sbin.clamd
Then, the "ERROR: initgroups() failed." disappears.
The apparmor itself came via apt-get packages. I did not edit it.
Description: Ubuntu 14.04.1 LTS
Release: 14.04
apt-cache policy apparmor-profiles
apparmor-profiles:
Installiert: (keine)
Installationskandidat: 2.8.95~2430-0ubuntu5.1
Versionstabelle:
2.8.95~2430-0ubuntu5.1 0
500 http://de.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64
Packages
2.8.95~2430-0ubuntu5 0
500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor-profiles (not installed)
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
Date: Mon Dec 22 01:23:04 2014
InstallationDate: Installed on 2014-11-29 (22 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
ProcEnviron:
LANGUAGE=de_DE
TERM=xterm
PATH=(custom, no user)
LANG=de_DE.UTF-8
SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/@/boot/vmlinuz-3.13.0-43-generic
root=UUID=6408c2d9-1b60-43d7-9a7f-2dceeb40de28 ro rootflags=subvol=@ quiet
splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug trusty
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1404762
Title:
apparmor profile usr.sbin.clamd does not allow ScanOnAccess via
fanotify
Status in apparmor package in Ubuntu:
New
Bug description:
I tried to enable the ScanOnAccess option in /etc/clamav.conf to get
on-access scanning.
Doing so, /var/log/clamav/clamav.log tells me:
ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
ScanOnAccess: clamd must be started by root
Setting User to root in /etc/clamav/clamd.conf
makes the clamav-daemon to fail with
service clamav-daemon start
* Starting ClamAV daemon clamd
ERROR: initgroups() failed.
I had to disable the apparmor.profile with a
cd /etc/apparmor.d/disable
ln -s ./../usr.sbin.clamd
Then, the "ERROR: initgroups() failed." disappears.
The apparmor itself came via apt-get packages. I did not edit it.
Description: Ubuntu 14.04.1 LTS
Release: 14.04
apt-cache policy apparmor-profiles
apparmor-profiles:
Installiert: (keine)
Installationskandidat: 2.8.95~2430-0ubuntu5.1
Versionstabelle:
2.8.95~2430-0ubuntu5.1 0
500 http://de.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64
Packages
500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64
Packages
2.8.95~2430-0ubuntu5 0
500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: apparmor-profiles (not installed)
ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
Uname: Linux 3.13.0-43-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
Date: Mon Dec 22 01:23:04 2014
InstallationDate: Installed on 2014-11-29 (22 days ago)
InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64
(20140722.2)
ProcEnviron:
LANGUAGE=de_DE
TERM=xterm
PATH=(custom, no user)
LANG=de_DE.UTF-8
SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/@/boot/vmlinuz-3.13.0-43-generic
root=UUID=6408c2d9-1b60-43d7-9a7f-2dceeb40de28 ro rootflags=subvol=@ quiet
splash vt.handoff=7
SourcePackage: apparmor
Syslog:
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1404762/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
