[Pkg-clamav-devel] Bug#972974: Bug#972974: clamav-freshclam start faild.

jean-christophe manciot actionmystique at gmail.com
Thu Oct 29 10:05:23 GMT 2020 

I've just realized that lchown is only a system call, so it must be
used from within /usr/bin/freshclam.

On Thu, Oct 29, 2020 at 9:33 AM jean-christophe manciot
<actionmystique at gmail.com> wrote:
>
> I have tried to add to /etc/apparmor.d/local/usr.bin.freshclam:
>   capability dac_override,
>
> and restarted apparmor then clamav-freshclam, the issue is still there:
> # echo 'q' | sudo systemctl --no-pager --full status clamav-freshclam
> ● clamav-freshclam.service - ClamAV virus database updater
>      Loaded: loaded (/lib/systemd/system/clamav-freshclam.service;
> enabled; vendor preset: enabled)
>      Active: failed (Result: exit-code) since Thu 2020-10-29 09:06:06
> CET; 42s ago
>        Docs: man:freshclam(1)
>              man:freshclam.conf(5)
>              https://www.clamav.net/documents
>     Process: 966650 ExecStart=/usr/bin/freshclam -d --foreground=true
> (code=exited, status=9)
>    Main PID: 966650 (code=exited, status=9)
>
> Oct 29 09:06:06 hostname systemd[1]: Started ClamAV virus database updater.
> Oct 29 09:06:06 hostname freshclam[966650]: ERROR: lchown to user
> 'clamav' failed on
> Oct 29 09:06:06 hostname freshclam[966650]: log file
> '/var/log/clamav/freshclam.log'.
> Oct 29 09:06:06 hostname freshclam[966650]: Error was 'Operation not permitted'
> Oct 29 09:06:06 hostname freshclam[966650]: Thu Oct 29 09:06:06 2020
> -> ^lchown to user 'clamav' failed on log file
> '/var/log/clamav/freshclam.log'.  Error was 'Operation not permitted'
> Oct 29 09:06:06 hostname freshclam[966650]: Thu Oct 29 09:06:06 2020
> -> !Failed to switch to clamav user.
> Oct 29 09:06:06 hostname systemd[1]: clamav-freshclam.service: Main
> process exited, code=exited, status=9/n/a
> Oct 29 09:06:06 hostname systemd[1]: clamav-freshclam.service: Failed
> with result 'exit-code'.
>
> The error message regarding 'lchown' is strange: I have checked
> /etc/init.d/clamav-freshclam, and also config and postinst included in
> the DEBIAN folder of the package, none includes such a call.
> However, postinst does include 'chown "$dbowner":adm
> $FRESHCLAMLOGFILE' (with dbowner=clamav and
> FRESHCLAMLOGFILE=/var/log/clamav/freshclam.log), so lchown does not
> seem necessary wherever it is located.
>
> On Thu, Oct 29, 2020 at 12:07 AM Sebastian Andrzej Siewior
> <sebastian at breakpoint.cc> wrote:
> >
> > On 2020-10-27 07:22:22 [+0000], Michael Borgelt wrote:
> > > I have tried different permissions for the file and the directory without
> > > success. The obove permissions are after a clean reinstall off clamav
> > > package.
> >
> > The problem appears to be the apparmor or freshclam's profile for it. So
> > disabling apparmor should make freshclam work again.
> > Probably adding
> > |         capability dac_override,
> >
> > to the profile will help, too. I will test it later today…
> >
> > Sebastian
>
>
>
> --
> Jean-Christophe



-- 
Jean-Christophe

More information about the Pkg-clamav-devel mailing list