As another try, I tried to disable the apparmor profile by 
  cd /etc/apparmor.d/disable
  ln -s ./../usr.sbin.clamd
as described by Thomas above. Unexpectedly, that did not get rid of the message 
"ERROR: initgroups() failed".
I found I had a file "usr.sbin(Kopie).clamd" in that folder; this file was a 
backup of the original, and got used by apparmor (went into the cache folder). 
After removing this backup copy (and reloading apparmor), clamd could start. 

Next try: use the original usr.sbin.clamd and add "capability setgid," as 
recommended by Christian above.
After reloading apparmor and restarting clamd I got "ERROR: Failed to change socket 
ownership to group clamav Closing the main socket."
But at system restart clamd started without error.
So, it was the backup file in /etc/apparmor.d which caused the trouble.
Maybe, I will gradually find out how to get on-access scan working.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1404762

Title:
  apparmor profile usr.sbin.clamd does not allow ScanOnAccess via
  fanotify

Status in apparmor package in Ubuntu:
  Confirmed

Bug description:
  I tried to enable the ScanOnAccess option in /etc/clamav.conf to get
  on-access scanning.

  Doing so, /var/log/clamav/clamav.log tells me:
  ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
  ScanOnAccess: clamd must be started by root

  Setting User to root in /etc/clamav/clamd.conf
  makes the clamav-daemon fail with

  service clamav-daemon start
   * Starting ClamAV daemon clamd
  ERROR: initgroups() failed.

  I had to disable the apparmor.profile with a
  cd /etc/apparmor.d/disable
  ln -s ./../usr.sbin.clamd

  Then, the "ERROR: initgroups() failed." disappears.

  The apparmor itself came via apt-get packages. I did not edit it.

  Description:  Ubuntu 14.04.1 LTS
  Release:      14.04

  apt-cache policy apparmor-profiles
  apparmor-profiles:
    Installiert:           (keine)
    Installationskandidat: 2.8.95~2430-0ubuntu5.1
    Versionstabelle:
       2.8.95~2430-0ubuntu5.1 0
          500 http://de.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ trusty-security/main amd64 Packages
       2.8.95~2430-0ubuntu5 0
          500 http://de.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: apparmor-profiles (not installed)
  ProcVersionSignature: Ubuntu 3.13.0-43.72-generic 3.13.11.11
  Uname: Linux 3.13.0-43-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.6
  Architecture: amd64
  Date: Mon Dec 22 01:23:04 2014
  InstallationDate: Installed on 2014-11-29 (22 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  ProcEnviron:
   LANGUAGE=de_DE
   TERM=xterm
   PATH=(custom, no user)
   LANG=de_DE.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdline: BOOT_IMAGE=/@/boot/vmlinuz-3.13.0-43-generic root=UUID=6408c2d9-1b60-43d7-9a7f-2dceeb40de28 ro rootflags=subvol=@ quiet splash vt.handoff=7
  SourcePackage: apparmor
  Syslog:
   
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1404762/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
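
The comment above traces the failure to a backup copy of the profile that AppArmor loaded alongside the original, so disabling usr.sbin.clamd by name left the copy enforcing. The following check is an added example, not part of the bug report or of AppArmor: it lists profile names defined by more than one file in a profile directory and marks which of those files have an entry in disable/. The function name, the list of ignored suffixes and the header pattern (top-level headers starting in column 0) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: find profile names that several files in an AppArmor
# profile directory define, e.g. a stray "usr.sbin(Kopie).clamd" backup.

find_duplicate_profiles() {
    dir=${1:-/etc/apparmor.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue        # skip disable/, cache/ and other directories
        case "$f" in                   # assumption: packaging leftovers are not loaded
            *.dpkg-new|*.dpkg-old|*.dpkg-dist|*.dpkg-bak|*.orig|*.rej|*~) continue ;;
        esac
        # An entry with the same file name under disable/ switches that file off.
        state=active
        [ -e "$dir/disable/${f##*/}" ] && state=disabled
        # Top-level header: "/path [flags] {" or "profile name [path] [flags] {"
        awk -v st="$state" '
            /^(profile[ \t]+[^ \t]+|\/[^ \t]*)[ \t].*[{][ \t]*$/ {
                n = split(FILENAME, part, "/")
                sub(/^profile[ \t]+/, "")
                print $1 "\t" part[n] " (" st ")"
            }' "$f"
    done | awk -F '\t' '
        { count[$1]++; files[$1] = files[$1] " [" $2 "]" }
        END { for (p in count) if (count[p] > 1) print p ":" files[p] }
    ' | LC_ALL=C sort
}

# Stand-alone use: sh script.sh [profile-directory]
find_duplicate_profiles "$@"
```

Any line of output naming one file as disabled and another as active matches the situation in the comment: the disable link covers only the file it is named after.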
