@sergiodj, I was able to reproduce this in a container based on your
instruction but by adding the apparmor package to the mix.

With AppArmor installed, after upgrading from
0.102.4+dfsg-0ubuntu0.18.04.1 -> 0.103.2+dfsg-0ubuntu0.18.04.1, I have
this in "journalctl -fk":

Apr 21 20:56:57 bclam kernel: audit: type=1400 audit(1619038617.624:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/clamd" pid=1835 comm="apparmor_parser"
Apr 21 20:57:00 bclam kernel: audit: type=1400 audit(1619038620.980:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/freshclam" pid=1837 comm="apparmor_parser"
Apr 21 20:57:11 bclam kernel: audit: type=1400 audit(1619038631.016:4): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=1840 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
Apr 21 20:57:11 bclam kernel: audit: type=1400 audit(1619038631.048:5): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=1840 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
Apr 21 20:59:30 bclam kernel: audit: type=1400 audit(1619038770.363:6): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=1870 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
Apr 21 21:04:37 bclam kernel: audit: type=1400 audit(1619039077.070:7): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=2800 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Apr 21 21:04:37 bclam kernel: audit: type=1400 audit(1619039077.074:8): apparmor="DENIED" operation="capable" profile="/usr/bin/freshclam" pid=2800 comm="freshclam" capability=1  capname="dac_override"

The dac_override cap was added in the AppArmor profile shipped in
0.103.2+dfsg-0ubuntu0.18.04.1. It looks like the new profile is deployed
after the freshclam service is restarted, which would explain why it
trips on the missing capability.

Manually restarting clamav-freshclam.service works around the problem.

** Changed in: clamav (Ubuntu)
       Status: Incomplete => Confirmed

https://bugs.launchpad.net/bugs/1925182

Title:
  ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
  permissions!)
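
Added example (not part of the original bug comment, and not ClamAV or AppArmor code): a small Python parser that groups AppArmor DENIED records from kernel audit output, in the format quoted above, by profile, operation and target. The sample records, hostname, pids and function names are constructed for illustration.

```python
import re

# Constructed sample in the journalctl -fk format shown above (one record per line).
SAMPLE = """\
Apr 21 10:00:00 host kernel: audit: type=1400 audit(1.000:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/freshclam" pid=100 comm="apparmor_parser"
Apr 21 10:00:11 host kernel: audit: type=1400 audit(2.000:4): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=101 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=105 ouid=0
Apr 21 10:07:37 host kernel: audit: type=1400 audit(3.000:7): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=102 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Apr 21 10:07:37 host kernel: audit: type=1400 audit(3.004:8): apparmor="DENIED" operation="capable" profile="/usr/bin/freshclam" pid=102 comm="freshclam" capability=1  capname="dac_override"
"""

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_record(line):
    """Return the key=value fields of one AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in KV.findall(line)}


def summarize_denials(text):
    """Group DENIED records by (profile, operation, target) with count and fsuids."""
    summary = {}
    for line in text.splitlines():
        rec = parse_record(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue
        op = rec.get("operation", "?")
        if op == "capable":
            # Capability denials carry capname= instead of name=/denied_mask=.
            target = "capability " + rec.get("capname", "?")
        else:
            target = "%s (%s)" % (rec.get("name", "?"), rec.get("denied_mask", "?"))
        key = (rec.get("profile", "?"), op, target)
        entry = summary.setdefault(key, {"count": 0, "fsuids": set()})
        entry["count"] += 1
        if "fsuid" in rec:
            entry["fsuids"].add(rec["fsuid"])
    return {k: {"count": v["count"], "fsuids": sorted(v["fsuids"])}
            for k, v in summary.items()}


if __name__ == "__main__":
    for (profile, op, target), info in summarize_denials(SAMPLE).items():
        print(profile, op, target, info)
```

Feeding it the output of "journalctl -k" shows at a glance which profile is denying what, and under which fsuid, which helps separate a stale-profile problem from a genuine confinement hit.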
