Ubuntu
clamav package

klamav update dies unexpectedly in intrepid with apparmor active

Bug #310737 reported by buggrall
14
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Fix Released
Medium
Unassigned
Ubuntu ubuntu-9.04
Intrepid
Invalid
Undecided
Unassigned
Jaunty
Fix Released
Medium
Unassigned
Ubuntu ubuntu-9.04

Bug Description

I ran into a problem with updating klamav this morning (freshly installed Intrepid Ibex/8.10):
"the update process died unexpectedly. did you kill it?"

Running 'dmesg' unearths a problem with apparmor premissions (freshclam has no read/write permission in /tmp):

[25847.394171] type=1503 audit(1229981927.656:28): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=1000 name="/tmp/kde-peter/klamavwGmkJa.tmp" pid=6960 profile="/usr/bin/freshclam"

Adding the following line in '/etc/apparmor.d/usr.bin.freshclam' (just before the closing curly brace) fixed it:
  /tmp/** rw,

Cheers, Peter

Revision history for this message
Scott Kitterman (kitterman) wrote :

Is this still a problem? I think I fixed something related that might have resovled this in one of the post-release uploads.

Changed in klamav:
status: New → Incomplete
Revision history for this message
STGSAGWAN (sakura-launchpad-bugreport) wrote :

I'm not quite sure which one of these packages is responsible, klamav or clamav-freshclam, but I can say that this is still a problem.

When updates via klamav fails, the same error message output appears in /var/log/messages

Mar 3 20:35:54 myserver1 kernel: [ 4954.501931] type=1503 audit(1236080154.830:9): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=0 name="/tmp/freshclam.conf" pid=13096 profile="/usr/bin/freshclam"

Addin /tmp/** rw, does fix the problem.

Here's the package status on my Ubuntu 8.10 box.

$ dpkg -l | egrep 'klam|clam'
ii clamav 0.94.dfsg.2-1ubuntu0.1 anti-virus utility for Unix - command-line i
ii clamav-base 0.94.dfsg.2-1ubuntu0.1 anti-virus utility for Unix - base package
ii clamav-freshclam 0.94.dfsg.2-1ubuntu0.1 anti-virus utility for Unix - virus database
ii klamav 0.44-3ubuntu2 KDE frontend for ClamAV
ii libclamav5 0.94.dfsg.2-1ubuntu0.1 anti-virus utility for Unix - library

Anyway, I wonder which version of klamav package "One of the post-release uploads" really means.

Revision history for this message
Scott Kitterman (kitterman) wrote : Re: [Bug 310737] Re: klamav update dies unexpectedly in intrepid with apparmor active

It was a clamav (freshclam) upload. Klamav does not have an apparmor
profile. I'll look into it.

Scott Kitterman (kitterman)
Changed in klamav:
importance: Undecided → Medium
milestone: none → ubuntu-9.04
status: Incomplete → Triaged
Revision history for this message
Scott Kitterman (kitterman) wrote :

The suggestion from the Ubuntu security team is #include <abstractions/user-tmp>. So I'll get that added. I'd appreciate it if you would confirm that works too.

Revision history for this message
Hellsgator (hellsgate) wrote :

Confirmed. Same notification on Jaunty Beta 1.

Revision history for this message
Hellsgator (hellsgate) wrote :

Adding "/tmp/** rw," does not help. Still the same notification pops up.

Revision history for this message
STGSAGWAN (sakura-launchpad-bugreport) wrote :

Haved you restarted apparmor?

Revision history for this message
Scott Kitterman (kitterman) wrote :

We're currently testing clamav 0.95 to see if we can get it into Jaunty.
The test package includes a fix for this. If you look in the ubuntu-clamav
PPA you can test it (new Klamav there too that you'll need).

Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed; please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

affects: klamav (Ubuntu Intrepid) → clamav (Ubuntu Intrepid)
Changed in clamav (Ubuntu Intrepid):
status: New → Fix Committed
tags: added: verification-needed
Scott Kitterman (kitterman)
Changed in clamav (Ubuntu Jaunty):
status: Triaged → Fix Released
Revision history for this message
Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.

Changed in clamav (Ubuntu Intrepid):
status: Fix Committed → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.