[Pkg-clamav-devel] Bug#903834: clamav-freshclam: AppArmor denies access to /procp/<pid>/status
intrigeri
intrigeri at boum.org
Sun Jul 22 13:10:08 BST 2018
Vincas Dargis:
> This doesn't seem to reproduce on Sid though.
On sid, during initial installation aa-status says:
1 processes are unconfined but have a profile defined.
/usr/bin/freshclam (1573)
Looking at the Journal, it looks very much like the clamav-freshclam
service is started before the /usr/bin/freshclam AppArmor profile
is loaded.
I think this is potentially racy, which might be why the problem can't
trivially be reproduced in sid.
Cheers,
--
intrigeri
More information about the Pkg-clamav-devel
mailing list