Hi, I believe the fix for this is the addition of
#include <abstractions/nameservice> in /etc/apparmor.d/usr.sbin.clamd. To test this: - start from a clean base apt-get purge clamav clamav-base clamav-daemon rm -rf /var/lib/clamav - install clamav apt-get install clamav-daemon check clamd is running (ps -afx or the like) process should be: /usr/sbin/clamd Modify clamd to use TCP 3310 and bind to localhost Add TCPAddr localhost TCPSocket 3310 to /etc/clamav/clamd.conf - Restart clamd /etc/init.d/clamav-daemon restart This should segfault now due to the apparmor profile denying access to tcp network related files (hosts, nsswitch resolve.conf etc) To resolve this Add #include <abstractions/nameservice> to /etc/apparmor.d/usr.sbin.clamd - Reload apparmor /etc/init.d/apparmor reload - Restart clamd /etc/init.d/clamav-daemon restart - This should now start correctly. clamdrib should also work correctly. <aside> Please correct me if I am wrong, but decided 'capability setuid' in this case is not required as clamdscan has the ability to call a file to scan with the - option. ie. clamdscan - <filename. which should run it in as the current user, which i suspect clamdrib is doing therefore shouldnt be necessary to setuid. </aside> Greg - please note that calling clamd or sudo clamd as per your original post is the incorrect way to start the daemon, as it should be started as root via the init script (/etc/init.d/clamav-daemon) which will result in the application dropping privileges to the clamav user. You should be doing clamd --config-file=/etc/clamav/clamd.conf -- clamd daemon fails to load https://bugs.launchpad.net/bugs/288942 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
