[Clamav-devel] [SUSPECTED SPAM] [Feature request] Support Linux symlinks for all configuration and database folders
Jacek Zapała
jacek at it.pl
Mon Mar 29 12:03:39 UTC 2021
On 3/29/21 1:08 PM, jean-christophe manciot wrote:
> Hi Micah,
>
> Thanks for your very detailed answer.
> I'm not an apparmor expert either, but I doubt it is related to apparmor:
> - the clamd & freshclam profiles authorize the access to:
> + /etc/clamav/clamd.conf r,
> + /etc/clamav/freshclam.conf r,
> + /var/lib/clamav/ r,
> + /var/lib/clamav/** krw,
> - there is no specific dedicated access right for symlinks in
> http://manpages.ubuntu.com/manpages/hirsute/man5/apparmor.d.5.html nor
> in the capabilities
> http://manpages.ubuntu.com/manpages/hirsute/man7/capabilities.7.html,
> so it seems fair to assume that 'r - Read mode' and 'w - Write mode'
> allow symlink accesses.
Micah is right and the above assumption is wrong. This is how apparmor works.
If you need those symlinks and don't want to modify the apparmor config for
clamav, you can add aliases to /etc/apparmor.d/tunables/alias.
Regards,
Jacek
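
Added example, not part of the message above or of ClamAV: a shell helper that prints the alias rules to put in /etc/apparmor.d/tunables/alias when a directory named in the profile (such as /var/lib/clamav) is reached through a symlink. The function name `alias_rule_for` is hypothetical, and the script assumes a `readlink` that supports `-f` (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Print AppArmor alias rules for profile directories reached through symlinks.
# AppArmor matches the resolved path, so a profile rule written for
# /var/lib/clamav/** does not cover the directory the symlink points to
# unless an alias maps the profile path onto the real location.

# alias_rule_for ABSOLUTE_PATH  (hypothetical helper name)
#   Prints "alias PATH/ -> REAL/," when PATH resolves to a different directory.
#   Prints nothing when PATH is already the real location.
#   Returns 1 for relative paths and for dangling or unreadable links.
alias_rule_for() {
    p=${1%/}
    case $p in
        /*) ;;
        *) return 1 ;;                      # alias rules need absolute paths
    esac
    real=$(readlink -f -- "$p") || return 1 # resolves links in every component
    [ -e "$real" ] || return 1              # dangling link: nothing to alias
    if [ "$real" = "$p" ]; then
        return 0                            # no symlink involved
    fi
    if [ -d "$real" ]; then
        # Trailing slashes make the alias cover everything below the directory.
        printf 'alias %s/ -> %s/,\n' "$p" "$real"
    fi
    return 0
}

# Usage: sh thisscript /etc/clamav /var/lib/clamav
# Append the printed lines to /etc/apparmor.d/tunables/alias, then reload
# the clamd and freshclam profiles.
for p in "$@"; do
    alias_rule_for "$p" || printf '# skipped: %s\n' "$p" >&2
done
```
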