Hello, Am Montag, 25. Mai 2020, 11:22:01 CEST schrieb intrigeri: > FTR, here's the profile shipped in the clamav-freshclam package: > https://salsa.debian.org/clamav-team/clamav/-/blob/unstable/debian/usr > .bin.freshclam It has been updated a few times in the last few years. > > And here's the upstream one from the AppArmor project: > https://gitlab.com/apparmor/apparmor/-/blob/master/profiles/apparmor/p > rofiles/extras/usr.bin.freshclam It has been updated once in the last > 10 years.
... and it works on my openSUSE servers (and nobody reported issues from other distros), which means there was no reason for additional updates ;-) > I would love to see cross-distro collaboration on this profile, but > our current infrastructure & processes are not ready for that yet, > and I lack time/energy to push this forward myself. I compared both profiles, and to cover both Debian and openSUSE, you'd need to add the following lines to the Debian profile: #include <abstractions/consoles> # rule exists since the original # profile version in 2006, no idea if it's really needed # openSUSE configfile paths /etc/clamd.conf r, /etc/freshclam.conf r, I'd recommend to change the pidfile rule to have the owner restriction if possible: # /{,var/}run/clamav/freshclam.pid w, # from Debian profile owner /{,var/}run/clamav/freshclam.pid w, # upstream profiles/extra I also wonder about ~/.clamtk/db/ and ~/.klamav/database/ (which I obviously don't need for server usage) - but I'm sure Jamie had good reasons to allow that ;-) If you open a merge request upstream, I'll happily review it ;-) Feel free to commit the Debian profile + the additional rules listed above - that's probably easier than integrating the profiles the other way round. Regards, Christian Boltz -- >> emoenke@ftp4:4 /mirr/bin > du -s /pub/opensuse/distribution/* > Using `du -sh` might be more readable. ;-) Not for me - only for so called "humans". [> houghi and Eberhard Moenkeberg in opensuse]
signature.asc
Description: This is a digitally signed message part.