Public bug reported: A similar bug seems to have been reported before but keeps returning. I'm seeing it on an new install of bionic server 18.04 clamav version: 0.100.3+dfsg-0ubuntu0.18.04.1 kern.log keeps reporting the following after installing clamav and clamav-daemon:
kernel: [ 10.851831] audit: type=1400 audit(1565467797.334:27): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=962 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 kernel: [ 10.897174] audit: type=1400 audit(1565467797.382:28): apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" name="/etc/ssl/openssl.cnf" pid=1101 comm="clamd" requested_mask="r" denied_mask="r" fsuid=112 ouid=0 Similar to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1778812 Only seems like freshclam and clamd now need access to /etc/ssl/openssl.cnf Looking at /etc/apparmor.d/usr.bin.freshclam I have: @{PROC}/filesystems r, owner @{PROC}/[0-9]*/status r, Do we need to add: /etc/ssl/openssl.cnf r, To both usr.bin.freshclam and usr.bin.clamd ? ** Affects: clamav (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1839767 Title: apparmor DENIED freshclam and clamd access to openssl.cnf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1839767/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
