#1123913 clamav-daemon: clamd tries to read /sys/fs/cgroup/system.slice/cpu.max and fails

Package:
clamav-daemon
Source:
clamav-daemon
Description:
anti-virus utility for Unix - scanner daemon
Submitter:
Ralf Bergs
Date:
2026-06-28 15:54:06 UTC
Severity:
normal
#1123913#5
Date:
2025-12-23 20:50:27 UTC
From:
To:
Dear Maintainer,

I'm seeing occasional errors like the below in syslog:

2025-11-22T12:27:24.229084+00:00 myhost kernel: audit: type=1400 audit(1763814444.221:134): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/clamd" name="/sys/fs/cgroup/system.slice/cpu.max" pid=1282 comm="clamd" requested_mask="r" denied_mask="r" fsuid=112 ouid=0

It seems that the apparmor profile needs to be amended to allow clamd to read this file. It seems to be a minor issue, though, as clamd can continue operating.

Many thanks in advance for looking into this.

Kind regards,

Ralf
--- data dir ---
total 315916
-rw-r--r-- 1 clamav clamav   1369088 Sep 11 13:05 bytecode.cld
-rw-r--r-- 1 clamav clamav  85770752 Dec 23 08:19 daily.cld
-rw-r--r-- 1 clamav clamav        69 Jun 15  2023 freshclam.dat
-rw-r--r-- 1 clamav clamav 236346880 Dec 17 00:17 main.cld
#1123913#10
Date:
2026-06-28 15:53:43 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
clamav, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1123913@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Andrzej Siewior <sebastian@breakpoint.cc> (supplier of updated clamav package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sun, 28 Jun 2026 17:24:13 +0200
Source: clamav
Architecture: source
Version: 1.4.4+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: ClamAV Team <pkg-clamav-devel@lists.alioth.debian.org>
Changed-By: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Closes: 1043428 1089046 1092882 1103001 1123913 1134489 1136481 1138312 1138938
Changes:
 clamav (1.4.4+dfsg-2) unstable; urgency=medium
 .
   [ Sebastian Andrzej Siewior ]
   * Get it compiled aganst OpenSSL 4.0 (Closes: #1138312).
   * Depend on procps for pidof in tests (Closes: #1136481).
   * Update apparmor profile for clamd (Closes: #1092882, #1123913).
   * Remove Scott from the uploads. Thank you for all what you done
     (Closes: 1138938).
   * Don't Enable freshclam once+timer by default (Closes: #1134489).
   * Mention in the README.Debian that clamAV AppArmor profiles do not allow
     OnAccess scanning ("Closes: #1043428).
   * Add Romanian debconf templates translation (Closes: #1103001).
 .
   [ Helmut Grohne ]
   * Improve cross building: (Closes: #1089046)
     + Skip tests in arch-only build with DEB_BUILD_OPTIONS=nocheck.
     + Skip doxygen in arch-only build.
     + Demote/annotate conditional dependencies.
 .
   [ Pétur Ingi Egilsson ]
   * clamav-daemon.postinst.in: honour "none" as a way to disable
     the LogFile directive.
Checksums-Sha1:
 b40da3cf75caf275135885730688832882efa068 3042 clamav_1.4.4+dfsg-2.dsc
 70f79aa4c2ea4b1fa71ea8b2eb1b1cca98b5e316 521176 clamav_1.4.4+dfsg-2.debian.tar.xz
Checksums-Sha256:
 5706de641944f221c69068407f1c5d01c418369c0b3f3f8a9fa7683f41180d08 3042 clamav_1.4.4+dfsg-2.dsc
 101b1183c3faa6aeee7af74ea94fb8a3ea7b25908f43923953510a102a6169b0 521176 clamav_1.4.4+dfsg-2.debian.tar.xz
Files:
 f7db0c0b749b0e676867985b25cf9ea2 3042 utils optional clamav_1.4.4+dfsg-2.dsc
 970a0370a3c118dcc1ceaf1d5cf891e4 521176 utils optional clamav_1.4.4+dfsg-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEV4kucFIzBRM39v3RBWQfF1cS+lsFAmpBPPAACgkQBWQfF1cS
+lu+BAwAnKObBrkAFdfo30PvOUYOhrogKiXAuuc+VQF91UL2Qjh4VEYILXU0xxP0
evhAc+6hT8sJc7ykvtS4IuOgKPiTYjBx1K0XhUpEFSyIU1kCLhFcTDVoubHbtYA7
tco6uU3YNaV5nvZY3pr4LACcg147Ck4fsRnAZCmSgW9YKha7KKEO4xTTEFta8nuR
98H8b9F49GBEFx0rpD7CffUzE1t0jeZyx83mNekeb6jSHupHSOPx5EcMK7MMts6l
RGeE1QTU4JrbmcoZ6ftsjVAmOS5zvs0RHB/7uP/QIOTNDlNOF/likHNKdigQi0nV
TWtRasfP85ekBYNRJPk4pQofe1aiH15jh3mhF7lKv7zCvm/hzOJL1wFYVUiCbBwn
l2cV3aJFxsO+JbATxHkRI3hP3Gx6G77W3nmSmruTFZeVsCLZNMZa8bkgReTaO+T+
4efH52vbXNkalb4No6FGB8WkpLxkHTFa6S4dLqoMOh3gJ4PxEKXpPvUmFsQBLic8
PXmk9wvb
=bR0i
-----END PGP SIGNATURE-----