On Wednesday, April 21 2021, I wrote: > ### https://pad.lv/1925182 - (New) [clamav] - ERROR: Can't open > /var/log/clamav/freshclam.log in append mode (check permissions!) > > Incomplete, but looks like it can be a valid one. I really tried to > reproduce it here, but failed. I left a lengthy comment explaining what > I did, what I found while researching online, and what the user can try > next.
Utkarsh brought this to my attention today. Simon Déziel was able to reproduce the bug by following my instructions but making sure that apparmor was enabled and that the freshclam binary was confined. I double checked here and indeed, the bug does reproduce with apparmor. When I was testing it first (in a container), I thought that apparmor was already installed and active there, but it isn't. Living and learning. I don't know if there's much we can do here. The new apparmor profile has been shipped already. The easy workaround here is to restart the freshclam service, but the problem is that there is no indication of a failure when the package is updated (manually or via unattended-upgrades). Perhaps what can be done is fiddling with postinst and verifying if the freshclam service is stopped because of an error, and then try to start it if that's the case. Either way, I've marked the bug as Triaged and subscribed ubuntu-server. Thanks, -- Sergio GPG key ID: E92F D0B3 6B14 F1F4 D8E0 EB2F 106D A1C8 C3CB BF14 -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam