[ZendTo] Debian Buster, apparmor and clamd

Jules Jules at Zend.To
Fri Dec 27 17:45:37 GMT 2019 

Kevin,

You might just need to
   /etc/init.d/apparmor teardown
   apparmor_parser --purge-cache
   /etc/init.d/apparmor start
   /etc/init.d/apparmor reload
to flush its cache completely.

There is a bug in Ubuntu 18's setup of clamd in apparmor, where it's 
missing an "attach_disconnected" flag, but I haven't played with Debian 
10 much yet.

Cheers,
Jules.

On 24/09/2019 11:34 pm, Kevin Miller via ZendTo wrote:
> I have a zendto installed on Debian Stretch (on a VM) which works fine.  I cloned it, updated zendto to 5.21-2 Production, and everything was fine.  I then upgraded Stretch to Buster.  After that, things went south.  I'm seeing an AppArmor issue.  The following is from the syslog:
>
> Sep 24 13:46:27 fileshare2 kernel: [  723.420159] audit: type=1400 audit(1569361587.454:13): apparmor="DENIED" operation="getattr" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/clamd" name="var/zendto/incoming/phpeuAoDV" pid=528 comm="clamd" requested_mask="r" denied_mask="r" fsuid=112 ouid=33
>
> I disabled AppArmor, rebooted, and everything worked as advertised.  FWIW, AppArmor isn't running on the host with Debian Stretch.
>
> One thing that stands out in the error message is:
>    name="var/zendto/incoming/phpeuAoDV
> Note the lack of leading / character in the filename.  I suspect that's the issue but I don't know what's passing the file path without the leading forward slash.
>
> I did add in the /var/zendto tree to the AppArmor configuration as below.
>    root at fileshare2:/etc/apparmor.d/local# cat usr.sbin.clamd
>    # Site-specific additions and overrides for usr.sbin.clamd.
>    # For more details, please see /etc/apparmor.d/local/README.
>    /var/zendto/** r,
>
> I know Julian is laid up - hoping someone else here's already solved the problem...
>
> ...Kevin
> --
> Kevin Miller
> Network/email Administrator, CBJ MIS Dept.
> 155 South Seward Street
> Juneau, Alaska 99801
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
>
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://jul.es/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

The current UK shipping forecast:
Irish Sea: Southwest 4 or 5, becoming cyclonic 6 to gale 8, then north 4 to 6.
Slight or moderate, occasionally rough in south. Rain. Good, occasionally
poor.

www.Zend.To
Twitter: @JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20191227/3db77790/attachment.html>

More information about the ZendTo mailing list