[Bug 1839767] Re: apparmor DENIED freshclam and clamd access to openssl.cnf

[Andreas Hasenack]

Thanks for filing this bug in Ubuntu.

This was fixed in 0.101.1+dfsg-1 (debian bug http://bugs.debian.org/913020), and is therefore fixed in Ubuntu eoan and later.diff --git a/debian/usr.bin.freshclam b/debian/usr.bin.freshclam
index 90490ac6..df5cb5be 100644
--- a/debian/usr.bin.freshclam
+++ b/debian/usr.bin.freshclam
@@ -4,10 +4,11 @@
 
 #include <tunables/global>
 
-/usr/bin/freshclam {
+/usr/bin/freshclam flags=(attach_disconnected) {
   #include <abstractions/base>
   #include <abstractions/nameservice>
   #include <abstractions/user-tmp>
+  #include <abstractions/openssl>
 
   capability setgid,
   capability setuid,
diff --git a/debian/usr.sbin.clamd b/debian/usr.sbin.clamd
index 91c67c45..45447594 100644
--- a/debian/usr.sbin.clamd
+++ b/debian/usr.sbin.clamd
@@ -7,6 +7,7 @@
 /usr/sbin/clamd {
   #include <abstractions/base>
   #include <abstractions/nameservice>
+  #include <abstractions/openssl>
 
   # LP: #433764:
   capability dac_override,


** Bug watch added: Debian Bug tracker #913020
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913020

** Also affects: clamav (Debian) via
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913020
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Server, which is subscribed to clamav in Ubuntu.
https://bugs.launchpad.net/bugs/1839767

Title:
  apparmor DENIED freshclam and clamd access to openssl.cnf

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1839767/+subscriptions