[pkg-apparmor] Bug#884707: apparmor breaks clamdscan
Francois Gouget
fgouget at free.fr
Mon Dec 18 14:00:00 UTC 2017
Package: apparmor
Version: 2.11.1-4
Severity: important
Dear Maintainer,
After upgrading from apparmor 2.11.1-2 to 2.11.1-4 I cannot use clamdscan anymore;
$ ll -d /bin /bin/true
drwxr-xr-x 2 root root 4,0K déc. 14 18:26 /bin
-rwxr-xr-x 1 root root 31K oct. 2 19:51 /bin/true
$ clamdscan /bin/true
/bin/true: Can't open file or directory ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.004 sec (0 m 0 s)
Such a command should have been successful.
As far as I can tell this error is caused by
/etc/apparmor.d/usr.sbin.clamd which, IMO, puts undue restrictions on
the Clam-AV operations.
Note that I did not install apparmor by choice: it was brought in by
linux-image-4.13. It's not like I asked for it but it appears now I will
have to learn how to fix its configuration :-(
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.13.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr:en_US (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages apparmor depends on:
ii debconf [debconf-2.0] 1.5.65
ii libc6 2.25-3
ii lsb-base 9.20170808
ii python3 3.6.3-2
apparmor recommends no packages.
Versions of packages apparmor suggests:
pn apparmor-profiles <none>
pn apparmor-profiles-extra <none>
pn apparmor-utils <none>
-- debconf information:
apparmor/homedirs:
More information about the pkg-apparmor-team
mailing list