In the long run, the solution is to have freshclam use a helper application. The helper application would run unconfined but would only run stuff that is in those directories, and the main freshclam binary wouldn't be able to write to those directories.
For now, about all I can do is extend the README a bit. This is the proposed text:

The freshclam utility is also protected by an enforcing profile. If you want to add files to the /etc/clamav/onerrorexecute.d, /etc/clamav/onupdateexecute.d, or /etc/clamav/virusevent.d directories, appropriate rules need to be added to the apparmor profile. Please see https://wiki.ubuntu.com/AppArmor for information and documentation on modifying apparmor profiles.

--
freshclam won't execute /etc/clamav/onupdateexecute.d scripts
https://bugs.launchpad.net/bugs/585026
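An added example, not part of the original message or of the ClamAV packaging: a simplified Python reader for AppArmor file rules that checks the two properties discussed above, namely that each hook script has an exec rule and that the confined binary cannot write into the hook directories. The profile text and script names are constructed, and includes, deny rules, variables and `{a,b}`/`[]` globs are not handled.

```python
import re

HOOK_DIRS = ("/etc/clamav/onerrorexecute.d", "/etc/clamav/onupdateexecute.d",
             "/etc/clamav/virusevent.d")

# Constructed profile fragment for illustration, NOT the shipped Ubuntu profile.
SAMPLE_PROFILE = """
/usr/bin/freshclam {
  /etc/clamav/*.conf r,
  /etc/clamav/onupdateexecute.d/ r,
  /etc/clamav/onupdateexecute.d/notify-admin rCx -> hook,
  /etc/clamav/virusevent.d/** rw,
  /var/lib/clamav/** rwk,
}
"""
# Matches simple file rules: [owner] /path perms [-> target],
RULE = re.compile(r"\s*(?:owner\s+)?(/\S*)\s+([A-Za-z]+)\s*(?:->\s*\S+)?\s*,\s*$")

def glob_to_regex(glob):
    """AppArmor globs: '*' and '?' stop at '/', '**' crosses directories."""
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", glob)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def parse_rules(profile_text):
    """Return (compiled path regex, permission string) per simple file rule."""
    found = (RULE.match(line) for line in profile_text.splitlines())
    return [(glob_to_regex(m.group(1)), m.group(2)) for m in found if m]

def audit(profile_text, hook_files):
    """hook_files: absolute paths of scripts placed in the hook directories."""
    rules = parse_rules(profile_text)
    perms_for = lambda path: "".join(p for rx, p in rules if rx.match(path))
    report = {"not_executable": [], "unconfined_exec": [], "writable_dirs": []}
    for path in hook_files:
        perms = perms_for(path).lower()
        if "x" not in perms:
            report["not_executable"].append(path)   # freshclam's exec is denied
        elif "u" in perms:
            report["unconfined_exec"].append(path)  # ux/Ux: hook runs unconfined
    for d in HOOK_DIRS:
        # Write or append access lets the confined binary plant its own hook.
        if set("wa") & set(perms_for(d + "/new-file")):
            report["writable_dirs"].append(d)
    return report
```

On a real system, pass the text of the installed profile and the actual directory listing; `apparmor_parser` and the kernel remain the authority on what the profile permits.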
