[clamav-users] Could not watch path /var/lib/docker/overlay2 error
Franky Van Liedekerke
liedekef at telenet.be
Wed Oct 9 15:38:35 UTC 2019
Your bug was already reported by me. See this
bug: https://bugzilla.clamav.net/show_bug.cgi?id=12306 (and it
contains a workaround too)
Franky
Op Woensdag, 09-10-2019 om 17:32 schreef Arthur Ramsey via
clamav-users:
Hello,
I’m trying to implement on access scanning for docker containers
using overlayfs by running ClamAV outside of a container. I’m
using Amazon Linux 2 which is currently at 0.101.4.
If I set "OnAccessMountPath /“ an eicar test file downloaded and
read via a container isn’t detected. If I read the file created
within the container from outside the container it is detected.
If I set “OnAccessIncludePath /var/lib/docker/overlay2” I get:
Tue Oct 8 15:22:12 2019 -> ScanOnAccess: Protecting directory
'/var/lib/docker/overlay2' (and all sub-directories)
Tue Oct 8 15:22:12 2019 -> ERROR: ScanOnAccess: Could not watch path
'/var/lib/docker/overlay2', Success
I also tried "OnAccessIncludePath /var/lib/docker/overlay2//merged“
which isn’t practical because the uuid is generated when the
container starts but it does work.
I see that 0.102.0 has significant changes to on access scanning so
I’m trying to test that but the configure script isn’t detecting
fanotify support. I have kernel-devel and glibc-headers installed.
I’ve also confirmed fanotify support with "cat /boot/config- |
grep FANOTIFY”.
I get an error from the configure script:
./configure: line 30024: auto=yes: command not found
Here’s the full configure output: https://pastebin.com/0xYqhr2V.
This was my attempt to fix it but it didn’t
work: https://pastebin.com/k2kCrmHP.
Thanks,
Arthur
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20191009/611a6935/attachment.htm>
More information about the clamav-users
mailing list