I am running CentOS 7 and upgraded from clamav-0.103.3-1.el7.x86_64 to clamav-0.103.3-5.el7.x86_64. After I upgraded, clamav will not start and gives an error: clamd: ERROR: LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied clamd: ERROR: LOCAL: Socket file /var/run/clamd.scan/clamd.sock could not be bound: No such file or directory I'm seeing someone else with the same issue at: https://stackoverflow.com/questions/69211034/clamd-error-local-could-not-create-socket-directory-var-run-clamd-scan-per Please let me know if I can give more information to help narrow down this issue. Thanks.
Sergio, what's the reason for removing `%dir %attr(0710,%scanuser,virusgroup)` from the `%files` section of the spec file with https://src.fedoraproject.org/rpms/clamav/c/7f94084fd5c606f94c20c0aff0c0d0fc19b404dc?branch=epel7? If you don't run `systemd-tmpfiles` in `%post` anymore, something else has to create the directory with the proper permissions on the running system. The example at https://docs.fedoraproject.org/en-US/packaging-guidelines/Tmpfiles.d/ also has a `%dir /run/%{name}/` and mentions to use to `%attr()` if needed. IMHO re-adding `%dir %attr(0710,%scanuser,virusgroup)` to `%files` makes sense for all branches.
cat /usr/lib/tmpfiles.d/clamd.scan.conf d /run/clamd.scan 0710 clamscan virusgroup /usr/lib/tmpfiles.d/clamd.scan.conf will create /run/clamd.scan ll /run/clamd.scan/ -d drwx--x--- 2 clamscan virusgroup 60 Set 21 23:11 /run/clamd.scan/ aAter edit /etc/clamd.d/scan.conf and enbale sockets : LocalSocket /run/clamd.scan/clamd.sock I did : systemctl restart clamd@scan and check log journalctl -u clamd@scan -f (...) Set 21 23:11:51 vm_epel7 systemd[1]: Started clamd scanner (scan) daemon. it is working for me
soory for the typos , socket is also there , ll /run/clamd.scan/clamd.sock srw-rw-rw- 1 clamscan clamscan 0 Set 21 23:11 /run/clamd.scan/clamd.sock
I got the error on a fresh install of CentOS 7. The steps I did were: - install CentOS-7-x86_64-Minimal-2009.iso into a new VM - yum install epel-release - yum install clamav clamd - edit /etc/clamd.d/scan.conf for: LocalSocket /run/clamd.scan/clamd.sock - run: freshclam - run: systemctl start clamd@scan It returns an error: Job for clamd failed because the control process exited with error code. See "systemctl status clamd" and "journalctl -xe" for details. In /var/log/messages: Sep 21 20:54:59 localhost.localdomain clamd[1620]: LOCAL: Could not create socket directory: /run/clamd.scan: Permission denied Sep 21 20:54:59 localhost.localdomain clamd[1619]: ERROR: LOCAL: Could not create socket directory: /run/clamd.scan: Permission denied Sep 21 20:54:59 localhost.localdomain clamd[1619]: ERROR: LOCAL: Socket file /run/clamd.scan/clamd.sock could not be bound: No such file or directory Sep 21 20:54:59 localhost.localdomain clamd[1620]: LOCAL: Socket file /run/clamd.scan/clamd.sock could not be bound: No such file or directory
OK , I see if you reboot it will work or without reboot you may run /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf on Fedora works out of the box , we don't need reboot I'm studying add this to epel 7 only : if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then # Initial installation /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf fi
(In reply to Sergio Basto from comment #5) > I'm studying add this to epel 7 only : > > if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then > # Initial installation > /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf > fi No. Please follow the Fedora Packaging Guidelines by adding `%dir %attr(0710,%scanuser,virusgroup)` to `%files` section (as mentioned in comment #1).
(In reply to Robert Scheck from comment #6) > (In reply to Sergio Basto from comment #5) > > I'm studying add this to epel 7 only : > > > > if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then > > # Initial installation > > /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf > > fi > > No. Please follow the Fedora Packaging Guidelines by adding `%dir > %attr(0710,%scanuser,virusgroup)` to `%files` section (as mentioned in > comment #1). OK I going add it, but note that I hadn't remove it , because is in an if that is never reached . Thank you
The problem is bug #1821973 , when we add one custom /etc/tmpfiles.d/clamd.scan.conf , /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf will change to original on every update . Testing add /run//clamd.scan to %files works in Fedora but not on epel 7 (in epel 7 it change the dir permissions ) ~ So with or without adding /run//clamd.scan to %file , it works on Fedora and in epel 7 in fresh installation fails without adding /run//clamd.scan to %file and with a custom tmpfiles fails with adding /run//clamd.scan to %file. So I prefer create create on epel 7 with [1] [1] %if (0%{?rhel} && 0%{?rhel} < 8) if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then # Initial installation /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf fi %endif
Ah, custom tmpfiles.d configurations! But will `/bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf` really work with a custom /etc/tmpfiles.d/clamd.scan.conf, too? Or will it reintroduce bug #1821973 (especially on package updates)?
that is why I want run it only in initial installation and not in upgrades [1] [1] https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax if [ $1 -eq 1 ] && [ -x /usr/bin/systemctl ]; then # Initial installation /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/clamd.scan.conf fi
FEDORA-EPEL-2021-a155b86ae4 has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a155b86ae4
FEDORA-EPEL-2021-c8e1a564bf has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-c8e1a564bf
FEDORA-EPEL-2021-a155b86ae4 has been pushed to the Fedora EPEL 8 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-a155b86ae4 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2021-c8e1a564bf has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2021-c8e1a564bf See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Upgraded from 0.103.3-5.el7 to 0.103.3-8.el7, but our logs still show the originally reported issue : Oct 07 11:41:13 obfusc clamd[24048]: LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied Oct 07 11:41:13 obfusc clamd[24047]: Thu Oct 7 11:41:13 2021 -> !LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied Oct 07 11:41:13 obfusc clamd[24047]: Thu Oct 7 11:41:13 2021 -> !LOCAL: Socket file /var/run/clamd.scan/clamd.sock could not be bound: No such file or directory Oct 07 11:41:13 obfusc clamd[24047]: Thu Oct 7 11:41:13 2021 -> *Closing the main socket. Oct 07 11:41:13 obfusc clamd[24048]: LOCAL: Socket file /var/run/clamd.scan/clamd.sock could not be bound: No such file or directory Oct 07 11:41:13 obfusc clamd[24048]: Closing the main socket. Oct 07 11:41:13 obfusc systemd[1]: clamd: control process exited, code=exited status=1 Oct 07 11:41:13 obfusc systemd[1]: Failed to start clamd scanner (scan) daemon. Oct 07 11:41:13 obfusc systemd[1]: Unit clamd entered failed state. Oct 07 11:41:13 obfusc systemd[1]: clamd failed. Oct 07 11:41:14 obfusc systemd[1]: clamd holdoff time over, scheduling restart. Oct 07 11:41:14 obfusc systemd[1]: Stopped clamd scanner (scan) daemon. Oct 07 11:41:14 obfusc systemd[1]: Starting clamd scanner (scan) daemon... Oct 07 11:41:14 obfusc clamd[24625]: Received 0 file descriptor(s) from systemd. Oct 07 11:41:14 obfusc clamd[24625]: clamd daemon 0.103.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) Oct 07 11:41:14 obfusc clamd[24625]: Log file size limited to 2097152 bytes. Oct 07 11:41:14 obfusc clamd[24625]: Reading databases from /var/lib/clamav Oct 07 11:41:14 obfusc clamd[24625]: Not loading PUA signatures. Oct 07 11:41:14 obfusc clamd[24625]: Bytecode: Security mode set to "TrustSigned". Oct 07 11:41:35 obfusc clamd[24625]: Loaded 8871783 signatures. Oct 07 11:41:40 obfusc clamd[24624]: Thu Oct 7 11:41:40 2021 -> !LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied
As this is filling up our mailserver logs since past August (update 0.103.3-4.el7), we've now resorted to : # mkdir /var/run/clamd.scan && chown clamscan:clamscan /var/run/clamd.scan
thank you for reporting is important for me know what people needs around clamav you just need run `/bin/systemd-tmpfiles --create /bin/systemd-tmpfiles/clamd.scan.conf ` before start clamd I think you are confusion because on upgrade scriplets not running `/bin/systemd-tmpfiles --create /bin/sy stemd-tmpfiles/clamd.scan.conf` just on install for some reason `/bin/systemd-tmpfiles --create /bin/systemd-tmpfiles/clamd.scan.conf`was not running at first time and on upgrade also haven't run .
FEDORA-EPEL-2021-a155b86ae4 has been pushed to the Fedora EPEL 8 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-EPEL-2021-c8e1a564bf has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report.