I can't reproduce this on Bionic today. I'm expecting to see a denial in
/var/log/kern.log or dmesg after installing the clamav package, but I
see none. I also tried stopping the clamav-freshclam service and running
"sudo freshclam" manually, but I still don't see a denial.

/etc/apparmor.d/usr.bin.freshclam includes abstractions/base, which
contains "@{PROC}/@{pid}/{maps,auxv,status} r". So I'd expect the open
call to work now based on Andreas' comment 1 above.

I did manage to see a denial message in Xenial though. Here, I don't see
"status" in /etc/apparmor.d/abstractions/base.

Therefore I believe this is fixed in Bionic.

It seems to me that the best way to fix this would be to add
"@{PROC}/@{pid}/{maps,auxv,status} r" to
/etc/apparmor.d/abstractions/base in an SRU to the apparmor package
in Xenial?

Having said that, since it's just a warning for clamav and doesn't cause
a functional problem, I'm not sure an SRU would be justified.

** Also affects: clamav (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Changed in: clamav (Ubuntu)
       Status: Triaged => Fix Released

https://bugs.launchpad.net/bugs/1659223
Title:
apparmor regression blocking freshclam process info
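
The check described in the comment above, as an added example that is not part of the original bug report: it tests whether an abstractions/base text grants read on @{PROC}/@{pid}/status and lists the paths denied to the /usr/bin/freshclam profile in kernel log lines. The function names, the two rule lines and the log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example. All sample data below is constructed, not copied from a real system.

# Exit 0 if the AppArmor rules on stdin grant read on @{PROC}/@{pid}/status,
# either as a literal path or inside a {a,b,c} alternation.
grants_proc_status() {
    grep -Eq '^[[:space:]]*@\{PROC\}/@\{pid\}/(status|\{([^}]*,)?status(,[^}]*)?\})[[:space:]]+[[:alpha:]]*r[[:alpha:]]*,?[[:space:]]*$'
}

# Print the distinct paths denied to the freshclam profile in the kernel log
# lines on stdin, with /proc/<pid>/ rewritten to the form used in profile rules.
freshclam_denials() {
    sed -n '/apparmor="DENIED"/{
        /profile="\/usr\/bin\/freshclam"/s/.* name="\([^"]*\)".*/\1/p
    }' | sed 's#^/proc/[0-9][0-9]*/#@{PROC}/@{pid}/#' | sort -u
}

# Constructed rule line matching the one quoted in the comment.
WITH_STATUS='  @{PROC}/@{pid}/{maps,auxv,status} r,'
# Constructed rule line standing in for an abstraction that lacks "status".
WITHOUT_STATUS='  @{PROC}/@{pid}/{maps,auxv} r,'

# Constructed kern.log lines: two freshclam denials and one unrelated profile.
SAMPLE_LOG='Jan 25 10:00:01 host kernel: [ 100.000001] audit: type=1400 audit(1485338401.100:45): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/proc/4242/status" pid=4242 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 25 11:00:01 host kernel: [ 3700.000001] audit: type=1400 audit(1485342001.100:46): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/proc/4310/status" pid=4310 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 25 11:05:00 host kernel: [ 4000.000001] audit: type=1400 audit(1485342300.100:47): apparmor="DENIED" operation="open" profile="/usr/bin/example" name="/etc/example.conf" pid=500 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0'

for sample in "$WITH_STATUS" "$WITHOUT_STATUS"; do
    if printf '%s\n' "$sample" | grants_proc_status; then
        echo "grants status read: $sample"
    else
        echo "no status read:     $sample"
    fi
done

echo "paths denied to freshclam:"
printf '%s\n' "$SAMPLE_LOG" | freshclam_denials
```

On a real system, feed grants_proc_status from /etc/apparmor.d/abstractions/base and freshclam_denials from /var/log/kern.log or dmesg output.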