Bug 2006490

Summary: clamd will not start after upgrade to clamav-0.103.3-5.el7.x86_64
Product: [Fedora] Fedora EPEL
Reporter: ryan.brothers
Component: clamav
Assignee: Sergio Basto <sergio>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: epel7
CC: anon.amish, bennie.joubert, didier.moens, hanspeter.gosteli, janfrode, j, lee.jnk, ondrejj, orion, pgnet.dev, redhat-bugzilla, rh-bugzilla, ryan.kimbrell, sergio, steve
Hardware: x86_64
OS: Linux
Fixed In Version: clamav-0.103.3-8.el8 clamav-0.103.3-8.el7
Last Closed: 2021-10-11 21:41:40 UTC
Type: Bug

Description ryan.brothers 2021-09-21 18:27:55 UTC
I am running CentOS 7 and upgraded from clamav-0.103.3-1.el7.x86_64 to clamav-0.103.3-5.el7.x86_64.  After I upgraded, clamav will not start and gives an error:

clamd: ERROR: LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied
clamd: ERROR: LOCAL: Socket file /var/run/clamd.scan/clamd.sock could not be bound: No such file or directory

I'm seeing someone else with the same issue at:

https://stackoverflow.com/questions/69211034/clamd-error-local-could-not-create-socket-directory-var-run-clamd-scan-per

Please let me know if I can give more information to help narrow down this issue.

Thanks.

Comment 1 Robert Scheck 2021-09-21 21:21:22 UTC
Sergio, what's the reason for removing `%dir %attr(0710,%scanuser,virusgroup)` from the `%files` section of the spec file with https://src.fedoraproject.org/rpms/clamav/c/7f94084fd5c606f94c20c0aff0c0d0fc19b404dc?branch=epel7? If you don't run `systemd-tmpfiles` in `%post` anymore, something else has to create the directory with the proper permissions on the running system. The example at https://docs.fedoraproject.org/en-US/packaging-guidelines/Tmpfiles.d/ also has a `%dir /run/%{name}/` and mentions using `%attr()` if needed. IMHO re-adding `%dir %attr(0710,%scanuser,virusgroup)` to `%files` makes sense for all branches.

Comment 2 Sergio Basto 2021-09-21 22:17:43 UTC
cat /usr/lib/tmpfiles.d/clamd.scan.conf 
d /run/clamd.scan 0710 clamscan virusgroup

/usr/lib/tmpfiles.d/clamd.scan.conf  will create /run/clamd.scan

ll /run/clamd.scan/ -d
drwx--x--- 2 clamscan virusgroup 60 Set 21 23:11 /run/clamd.scan/


After editing /etc/clamd.d/scan.conf and enabling sockets:

LocalSocket /run/clamd.scan/clamd.sock

I did : 

systemctl restart  clamd@scan


and check log 
journalctl -u clamd@scan -f

(...)
Set 21 23:11:51 vm_epel7 systemd[1]: Started clamd scanner (scan) daemon.


it is working for me

Comment 3 Sergio Basto 2021-09-21 22:19:47 UTC
Sorry for the typos.

The socket is also there: ll /run/clamd.scan/clamd.sock
srw-rw-rw- 1 clamscan clamscan 0 Set 21 23:11 /run/clamd.scan/clamd.sock

Comment 4 ryan.brothers 2021-09-22 00:57:17 UTC
I got the error on a fresh install of CentOS 7.  The steps I did were:

- install CentOS-7-x86_64-Minimal-2009.iso into a new VM
- yum install epel-release
- yum install clamav clamd
- edit /etc/clamd.d/scan.conf for:

LocalSocket /run/clamd.scan/clamd.sock

- run: freshclam
- run: systemctl start clamd@scan

It returns an error:

Job for clamd failed because the control process exited with error code. See "systemctl status clamd" and "journalctl -xe" for details.

In /var/log/messages:

Sep 21 20:54:59 localhost.localdomain clamd[1620]: LOCAL: Could not create socket directory: /run/clamd.scan: Permission denied
Sep 21 20:54:59 localhost.localdomain clamd[1619]: ERROR: LOCAL: Could not create socket directory: /run/clamd.scan: Permission denied
Sep 21 20:54:59 localhost.localdomain clamd[1619]: ERROR: LOCAL: Socket file /run/clamd.scan/clamd.sock could not be bound: No such file or directory
Sep 21 20:54:59 localhost.localdomain clamd[1620]: LOCAL: Socket file /run/clamd.scan/clamd.sock could not be bound: No such file or directory

Comment 5 Sergio Basto 2021-09-22 12:02:09 UTC
OK, I see.

If you reboot, it will work.

Or, without a reboot, you may run:

/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf

On Fedora it works out of the box; we don't need a reboot.

I'm studying adding this to epel 7 only:

if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
# Initial installation
/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf 
fi

Comment 6 Robert Scheck 2021-09-22 12:12:50 UTC
(In reply to Sergio Basto from comment #5)
> I'm studying adding this to epel 7 only:
> 
> if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
> # Initial installation
> /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf 
> fi

No. Please follow the Fedora Packaging Guidelines by adding `%dir %attr(0710,%scanuser,virusgroup)` to `%files` section (as mentioned in comment #1).

Comment 7 Sergio Basto 2021-09-22 13:52:42 UTC
(In reply to Robert Scheck from comment #6)
> (In reply to Sergio Basto from comment #5)
> > I'm studying adding this to epel 7 only:
> > 
> > if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
> > # Initial installation
> > /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf 
> > fi
> 
> No. Please follow the Fedora Packaging Guidelines by adding `%dir
> %attr(0710,%scanuser,virusgroup)` to `%files` section (as mentioned in
> comment #1).

OK, I'm going to add it, but note that I hadn't removed it, because it is in an if that is never reached.

Thank you

Comment 8 Sergio Basto 2021-09-22 22:18:57 UTC
The problem is bug #1821973: when we add a custom /etc/tmpfiles.d/clamd.scan.conf, /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf will change it to the original on every update.

Testing: adding /run//clamd.scan to %files works in Fedora but not on epel 7 (in epel 7 it changes the dir permissions).

So with or without adding /run//clamd.scan to %files, it works on Fedora; in epel 7, a fresh installation fails without adding /run//clamd.scan to %files, and with a custom tmpfiles it fails with adding /run//clamd.scan to %files.

So I prefer to create it on epel 7 with [1]

[1] 
%if (0%{?rhel} && 0%{?rhel} < 8)
if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
# Initial installation
/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf 
fi
%endif

Comment 9 Robert Scheck 2021-09-22 22:53:41 UTC
Ah, custom tmpfiles.d configurations! But will `/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf` really work with a custom /etc/tmpfiles.d/clamd.scan.conf, too? Or will it reintroduce bug #1821973 (especially on package updates)?

Comment 10 Sergio Basto 2021-09-22 23:03:16 UTC
That is why I want to run it only on initial installation and not on upgrades [1]


[1] 
https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax

if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then
# Initial installation
/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf 
fi

Comment 11 Fedora Update System 2021-10-03 00:19:32 UTC
FEDORA-EPEL-2021-a155b86ae4 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a155b86ae4

Comment 12 Fedora Update System 2021-10-03 00:19:40 UTC
FEDORA-EPEL-2021-c8e1a564bf has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-c8e1a564bf

Comment 13 Fedora Update System 2021-10-04 01:03:02 UTC
FEDORA-EPEL-2021-a155b86ae4 has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a155b86ae4

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 14 Fedora Update System 2021-10-04 01:25:00 UTC
FEDORA-EPEL-2021-c8e1a564bf has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-c8e1a564bf

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 15 D. Moens 2021-10-07 09:42:40 UTC
Upgraded from 0.103.3-5.el7 to 0.103.3-8.el7, but our logs still show the originally reported issue : 

Oct 07 11:41:13 obfusc clamd[24048]: LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied
Oct 07 11:41:13 obfusc clamd[24047]: Thu Oct  7 11:41:13 2021 -> !LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied
Oct 07 11:41:13 obfusc clamd[24047]: Thu Oct  7 11:41:13 2021 -> !LOCAL: Socket file /var/run/clamd.scan/clamd.sock could not be bound: No such file or directory
Oct 07 11:41:13 obfusc clamd[24047]: Thu Oct  7 11:41:13 2021 -> *Closing the main socket.
Oct 07 11:41:13 obfusc clamd[24048]: LOCAL: Socket file /var/run/clamd.scan/clamd.sock could not be bound: No such file or directory
Oct 07 11:41:13 obfusc clamd[24048]: Closing the main socket.
Oct 07 11:41:13 obfusc systemd[1]: clamd: control process exited, code=exited status=1
Oct 07 11:41:13 obfusc systemd[1]: Failed to start clamd scanner (scan) daemon.
Oct 07 11:41:13 obfusc systemd[1]: Unit clamd entered failed state.
Oct 07 11:41:13 obfusc systemd[1]: clamd failed.
Oct 07 11:41:14 obfusc systemd[1]: clamd holdoff time over, scheduling restart.
Oct 07 11:41:14 obfusc systemd[1]: Stopped clamd scanner (scan) daemon.
Oct 07 11:41:14 obfusc systemd[1]: Starting clamd scanner (scan) daemon...
Oct 07 11:41:14 obfusc clamd[24625]: Received 0 file descriptor(s) from systemd.
Oct 07 11:41:14 obfusc clamd[24625]: clamd daemon 0.103.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Oct 07 11:41:14 obfusc clamd[24625]: Log file size limited to 2097152 bytes.
Oct 07 11:41:14 obfusc clamd[24625]: Reading databases from /var/lib/clamav
Oct 07 11:41:14 obfusc clamd[24625]: Not loading PUA signatures.
Oct 07 11:41:14 obfusc clamd[24625]: Bytecode: Security mode set to "TrustSigned".
Oct 07 11:41:35 obfusc clamd[24625]: Loaded 8871783 signatures.
Oct 07 11:41:40 obfusc clamd[24624]: Thu Oct  7 11:41:40 2021 -> !LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied

Comment 16 D. Moens 2021-10-07 09:46:01 UTC
As this is filling up our mailserver logs since past August (update 0.103.3-4.el7), we've now resorted to :

# mkdir /var/run/clamd.scan && chown clamscan:clamscan /var/run/clamd.scan

Comment 17 Sergio Basto 2021-10-07 10:53:48 UTC
Thank you for reporting; it is important for me to know what people need around clamav.

You just need to run `/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf` before starting clamd.

I think you are confused because on upgrade the scriptlets do not run `/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf`, just on install.

For some reason `/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf` was not run the first time, and on upgrade it also hasn't run.
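
Added example, not part of this bug thread or of the clamav package: a shell check that picks the tmpfiles.d file that applies (a same-named file in /etc/tmpfiles.d overrides the one in /usr/lib/tmpfiles.d) and compares a directory such as /run/clamd.scan with the mode, owner and group on its `d` line. The function names and the temp-tree demo are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit a tmpfiles.d-managed directory (e.g. /run/clamd.scan)
# against the mode, owner and group declared for it. Assumes GNU stat.

# effective_conf NAME [ETC_DIR] [LIB_DIR]
# A file in /etc/tmpfiles.d overrides the same-named file in
# /usr/lib/tmpfiles.d (tmpfiles.d(5)); print the one that applies.
effective_conf() {
    name=$1; etc=${2:-/etc/tmpfiles.d}; lib=${3:-/usr/lib/tmpfiles.d}
    if [ -f "$etc/$name" ]; then printf '%s\n' "$etc/$name"
    elif [ -f "$lib/$name" ]; then printf '%s\n' "$lib/$name"
    else return 1
    fi
}

# check_tmpfiles_dir CONF DIR
# 0 = DIR matches its "d" line, 1 = missing or drifted, 2 = no "d" line.
check_tmpfiles_dir() {
    conf=$1; dir=$2
    want=$(awk -v p="$dir" '$1 ~ /^d/ && $2 == p {
        sub(/^0+/, "", $3); print $3, $4, $5; exit }' "$conf")
    [ -n "$want" ] || { echo "no 'd' entry for $dir in $conf"; return 2; }
    [ -d "$dir" ] || { echo "MISSING $dir (want $want)"; return 1; }
    have=$(stat -c '%a %U %G' "$dir")
    if [ "$have" = "$want" ]; then echo "OK $dir: $have"; return 0; fi
    echo "DRIFT $dir: have '$have', want '$want'"
    return 1
}

# Constructed demo: a temp tree stands in for /usr/lib/tmpfiles.d and /run,
# and the temp dir's owner/group stand in for clamscan/virusgroup.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/lib" "$t/etc" "$t/run/clamd.scan"
    echo "d $t/run/clamd.scan 0710 $(stat -c '%U %G' "$t")" > "$t/lib/clamd.scan.conf"
    conf=$(effective_conf clamd.scan.conf "$t/etc" "$t/lib")
    # A directory created by hand with a default mode is reported as drift.
    chmod 0755 "$t/run/clamd.scan"; check_tmpfiles_dir "$conf" "$t/run/clamd.scan" || true
    # Once the mode matches the "d" line, the check passes.
    chmod 0710 "$t/run/clamd.scan"; check_tmpfiles_dir "$conf" "$t/run/clamd.scan"
    rc=$?; rm -rf "$t"; return "$rc"
}
demo
```

On a real host the call would be `check_tmpfiles_dir "$(effective_conf clamd.scan.conf)" /run/clamd.scan`, using the path exactly as it is written in the tmpfiles.d entry.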

Comment 18 Fedora Update System 2021-10-11 21:41:40 UTC
FEDORA-EPEL-2021-a155b86ae4 has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.

Comment 19 Fedora Update System 2021-10-11 21:54:01 UTC
FEDORA-EPEL-2021-c8e1a564bf has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.