[Bug 1839767] Re: apparmor DENIED freshclam and clamd access to openssl.cnf
Andreas Hasenack
andreas at canonical.com
Mon Aug 12 18:27:58 UTC 2019
Thanks for filing this bug in Ubuntu.
This was fixed in 0.101.1+dfsg-1 (debian bug http://bugs.debian.org/913020), and is therefore fixed in Ubuntu eoan and later.diff --git a/debian/usr.bin.freshclam b/debian/usr.bin.freshclam
index 90490ac6..df5cb5be 100644
--- a/debian/usr.bin.freshclam
+++ b/debian/usr.bin.freshclam
@@ -4,10 +4,11 @@
#include <tunables/global>
-/usr/bin/freshclam {
+/usr/bin/freshclam flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
+ #include <abstractions/openssl>
capability setgid,
capability setuid,
diff --git a/debian/usr.sbin.clamd b/debian/usr.sbin.clamd
index 91c67c45..45447594 100644
--- a/debian/usr.sbin.clamd
+++ b/debian/usr.sbin.clamd
@@ -7,6 +7,7 @@
/usr/sbin/clamd {
#include <abstractions/base>
#include <abstractions/nameservice>
+ #include <abstractions/openssl>
# LP: #433764:
capability dac_override,
** Bug watch added: Debian Bug tracker #913020
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913020
** Also affects: clamav (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913020
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to clamav in Ubuntu.
https://bugs.launchpad.net/bugs/1839767
Title:
apparmor DENIED freshclam and clamd access to openssl.cnf
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1839767/+subscriptions
More information about the Ubuntu-server-bugs
mailing list