Ubuntu
clamav package

  1. Bug #288942
  2. Comment #5

Comment 5 for bug 288942

Revision history for this message
Scott Kitterman (kitterman) wrote :

You can shift just the clamav profile to complain mode (and then the plugin works) by running:

sudo aa-complain usr.sbin.clamd

In complain mode, I get:

Oct 25 11:52:33 scott-laptop kernel: [ 5308.432588] type=1502 audit(1224949953.717:3435): operation="socket_accept" family="inet" sock_type="stream" protocol=6 pid=12985 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.432903] type=1502 audit(1224949953.717:3436): operation="socket_recvmsg" family="inet" sock_type="stream" protocol=6 pid=13341 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.432924] type=1502 audit(1224949953.717:3437): operation="socket_recvmsg" family="inet" sock_type="stream" protocol=6 pid=13341 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.433035] type=1502 audit(1224949953.717:3438): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=111 name="/etc/resolv.conf" pid=13341 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.433131] type=1502 audit(1224949953.717:3439): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=111 name="/etc/hosts" pid=13341 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.433202] type=1502 audit(1224949953.717:3440): operation="socket_create" family="inet" sock_type="stream" protocol=0 pid=13341 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.433225] type=1502 audit(1224949953.717:3441): operation="socket_post_create" family="inet" sock_type="stream" protocol=6 pid=13341 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.433240] type=1502 audit(1224949953.717:3442): operation="socket_bind" family="inet" sock_type="stream" protocol=6 pid=13341 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.433254] type=1502 audit(1224949953.717:3443): operation="socket_listen" family="inet" sock_type="stream" protocol=6 pid=13341 profile="/usr/sbin/clamd"
Oct 25 11:52:33 scott-laptop kernel: [ 5308.433293] type=1502 audit(1224949953.717:3444): operation="socket_sendmsg" family="inet" sock_type="stream" protocol=6 pid=13341 profile="/usr/sbin/clamd"

I'm going to ask someone who knows more about apparmor than I do to look at this bug.