Closed strasszer closed 4 months ago
As a part of the daemonizing the clamd
, freshclam
, clamav-milter
, and clamonacc
processes, ClamAV replaces the standard file descriptors (0: stdin
, 1: stdout
, 2: stderr
) with readonly or writeonly file descriptors that point to /dev/null
). In this way, those file descriptor values 0, 1, and 2, are reserved and no newly opened files will use those values which could cause unexpected problems later if some code attempts to write directly to stdout
, for example.
In short, yes this is expected.
If you run clamd with -F
or --foreground
you should not run into this issue. But then it won't daemonize/run in the background.
If you run clamd with
-F
or--foreground
you should not run into this issue. But then it won't daemonize/run in the background.
We already use it in foreground, with clam.conf
Foreground yes
option.
Describe the bug
Even after configuring TemporaryDirectory, ClamAV needs write access to /dev/null.
How to reproduce the problem
Start ClamAV in docker, apply the
deny /dev/** wl
AppArmor config and start the service. ClamAV fails on initialization.