I was describing two issues: One is that root user was needed for
ScanOnAccess. Second was that the apparmor profile does not fit.

Basically, there should be an easy way to use ScanOnAccess with correct
apparmor profile.

Fanotify seems to be a basic feature in conjunction with a virus scanner
(which can simply run in user space without a kernel module, still
getting notified about changes in files).

With the two changes I described, ScanOnAccess is working for me with
root privileges and apparmor profile disabled. Therefore, it also
detects Eicar testfiles.

I'd suggest to make ScanOnAccess more accessible to an average user.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1404762

Title:
  apparmor profile usr.sbin.clamd does not allow ScanOnAccess via
  fanotify

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  I tried to enable the ScanOnAccess option in /etc/clamav.conf to get
  on-access scanning.

  Doing so, /var/log/clamav/clamav.log tells me:
  ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
  ScanOnAccess: clamd must be started by root

  Setting User to root in /etc/clamav/clamd.conf
  makes the clamav-daemon to fail with

  service clamav-daemon start
   * Starting ClamAV daemon clamd
  ERROR: initgroups() failed.

  I had to disable the apparmor.profile with a
  cd /etc/apparmor.d/disable
  ln -s ./../usr.sbin.clamd

  Then, the "ERROR: initgroups() failed." disappears.

  The apparmor itself came via apt-get packages. I did not edit it.

  Description:  Ubuntu 14.04.1 LTS
  Release:      14.04

  apt-cache policy apparmor-profiles
  apparmor-profiles:
    Installiert:           (keine)
    Installationskandidat: 2.8.95~2430-0ubuntu5.1
    Versionstabelle:
       2.8.95~2430-0ubuntu5.1 0
          500 http://de.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 
Packages
          500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 
Packages
       2.8.95~2430-0ubuntu5 0
          500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: apparmor-profiles (not installed)
  ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
  Uname: Linux 3.13.0-43-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  Date: Mon Dec 22 01:23:04 2014
  InstallationDate: Installed on 2014-11-29 (22 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 
(20140722.2)
  ProcEnviron:
   LANGUAGE=de_DE
   TERM=xterm
   PATH=(custom, no user)
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/@/boot/vmlinuz-3.13.0-43-generic 
root=UUID=6408c2d9-1b60-43d7-9a7f-2dceeb40de28 ro rootflags=subvol=@ quiet 
splash vt.handoff=7
  SourcePackage: apparmor
  Syslog:
   
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1404762/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to