[Pkg-clamav-devel] Bug#917648: clamav-freshclam: doesn't properly clean up temporary files, consumes all disk
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Wed Jan 9 22:44:56 GMT 2019
On 2019-01-09 08:01:47 [+0000], Witold Baryluk wrote:
intrigeri, halp :) The good news is that I addressed the other two
apparmor related bugs. Now, I got a new one that reached my capacity:
> Here is dmesg output for the latest run:
>
> [129772.521856] audit: type=1400 audit(1547018290.209:137): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp/clamav-518334e079d58dabbb7a3fab5d785ae3.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
> [129772.521920] audit: type=1400 audit(1547018290.209:138): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp/clamav-518334e079d58dabbb7a3fab5d785ae3.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
> [129772.521952] audit: type=1400 audit(1547018290.209:139): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
>
>
> It appears this is somehow related to overlay or tmpfs
>
> tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=6590668k,mode=755)
> /dev/sda1 on /run/live/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
> /dev/loop0 on /run/live/rootfs/filesystem.squashfs type squashfs (ro,noatime)
> tmpfs on /run/live/overlay type tmpfs (rw,noatime,mode=755)
> overlay on / type overlay (rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work)
> tmpfs on /usr/lib/live/mount type tmpfs (rw,nosuid,noexec,relatime,size=6590668k,mode=755)
> /dev/sda1 on /usr/lib/live/mount/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
> /dev/loop0 on /usr/lib/live/mount/rootfs/filesystem.squashfs type squashfs (ro,noatime)
> tmpfs on /usr/lib/live/mount/overlay type tmpfs (rw,noatime,mode=755)
So the rules are correct in general but due to the overlay the pathname
gets a rw at the front of the path.
Is there something I need to include to profile or is this something
that is not supported?
Sebastian
More information about the Pkg-clamav-devel
mailing list