Package: clamav-freshclam Version: 0.100.0+dfsg-1 Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu cosmic ubuntu-patch
Hi, We've received a downstream report of the following AppArmor denial: Jun 26 16:31:12 localhost kernel: [21690.397358] audit: type=1400 audit(1530048672.329:116): apparmor="DENIED" operation="rename_src" profile="/usr/bin/freshclam" name="/var/log/clamav/freshclam.log" pid=2604 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=121 ouid=121 The suggestion is to change, in debian/usr.bin.freshclam: /var/log/clamav/* kw, to: /var/log/clamav/* krw, Downstream bug: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1778812 Upstream discussion: https://lists.ubuntu.com/archives/apparmor/2018-June/011711.html Here's the patch: diff --git a/debian/usr.bin.freshclam b/debian/usr.bin.freshclam index de970a4..90490ac 100644 --- a/debian/usr.bin.freshclam +++ b/debian/usr.bin.freshclam @@ -32,7 +32,7 @@ /var/lib/clamav/ r, /var/lib/clamav/** krw, - /var/log/clamav/* kw, + /var/log/clamav/* krw, /{,var/}run/clamav/freshclam.pid w, /{,var/}run/clamav/clamd.ctl rw, I haven't verified this, but it seems trivial and reasonable enough that I think it should be fine just to land. Thanks, Robie
signature.asc
Description: PGP signature
