2

For the past 13 days or so (I have a daily job) it seems I'm no longer able to install ClamAV on a clean image of CentOS 7.

/var/log/messages

Sep 16 14:54:52 ip-172-31-42-25 systemd: Starting clamd scanner (scan) daemon...
Sep 16 14:54:52 ip-172-31-42-25 clamd[25456]: Received 0 file descriptor(s) from systemd.
Sep 16 14:54:52 ip-172-31-42-25 clamd[25456]: clamd daemon 0.103.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sep 16 14:54:52 ip-172-31-42-25 clamd[25456]: Log file size limited to 1048576 bytes.
Sep 16 14:54:52 ip-172-31-42-25 clamd[25456]: Reading databases from /var/lib/clamav
Sep 16 14:54:52 ip-172-31-42-25 clamd[25456]: Not loading PUA signatures.
Sep 16 14:54:52 ip-172-31-42-25 clamd[25456]: Bytecode: Security mode set to "TrustSigned".
Sep 16 14:55:07 ip-172-31-42-25 clamd[25456]: Loaded 8565181 signatures.
Sep 16 14:55:10 ip-172-31-42-25 clamd[25456]: LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied
Sep 16 14:55:10 ip-172-31-42-25 clamd: ERROR: LOCAL: Could not create socket directory: /var/run/clamd.scan: Permission denied
Sep 16 14:55:10 ip-172-31-42-25 clamd: ERROR: LOCAL: Socket file /var/run/clamd.scan/clamd.sock could not be bound: No such file or directory
Sep 16 14:55:10 ip-172-31-42-25 clamd[25456]: LOCAL: Socket file /var/run/clamd.scan/clamd.sock could not be bound: No such file or directory
Sep 16 14:55:10 ip-172-31-42-25 systemd: clamd@scan.service: control process exited, code=exited status=1
Sep 16 14:55:10 ip-172-31-42-25 systemd: Failed to start clamd scanner (scan) daemon.
Sep 16 14:55:10 ip-172-31-42-25 systemd: Unit clamd@scan.service entered failed state.
Sep 16 14:55:10 ip-172-31-42-25 systemd: clamd@scan.service failed.
Sep 16 14:55:10 ip-172-31-42-25 systemd: clamd@scan.service holdoff time over, scheduling restart.

Directory

ls -la /var/run
lrwxrwxrwx. 1 root root 6 Oct 30  2020 /var/run -> ../run
ls -la /var/run/
total 36
drwxr-xr-x. 26 root   root    800 Sep 16 12:02 .

OS

cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)

Nothing blocked by SELinux as far as I see

[root@ip-172-31-42-25 centos]# audit2allow -a -w
[root@ip-172-31-42-25 centos]# 

Now, this is part of the CI/CD so I guess I could add a step to create the directory in advance. But is that the right solution?

As far as I can see, clam starts as root and should have permissions to create the directory?

Thanks in advance

Pedro

1 Answer

2
mkdir /var/run/clamd.scan

chown clamscan:clamscan /var/run/clamd.scan

systemctl restart clamd@scan
Ed B.
    This is about an upstream change which introduced an error and made ClamAV unable to be properly installed (with its directories initialized). Of course I can do it myself, but that's not the point; see the discussion at https://bugzilla.redhat.com/show_bug.cgi?id=2006490 – Pedro Oct 03 '21 at 16:30
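
The answer's three commands as an idempotent CI step, written as an added example that is not part of the original answer or of the ClamAV packaging. Because /var/run is a symlink to /run (a tmpfs), a directory created with mkdir is gone after a reboot, so the step also writes a tmpfiles.d entry; the function names, the 750 mode and the file name /etc/tmpfiles.d/clamd-scan-local.conf are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names, the 750 mode
# and the tmpfiles.d file name are assumptions made for this sketch.

# ensure_socket_dir DIR OWNER GROUP MODE: create DIR if missing, then set
# owner and mode. Safe to call on every CI run.
ensure_socket_dir() {
    dir=$1; owner=$2; group=$3; mode=$4
    # Never chown through a symlink or onto a non-directory left at this path.
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo "refusing: $dir exists and is not a plain directory" >&2
        return 1
    fi
    mkdir -p "$dir" && chown "$owner:$group" "$dir" && chmod "$mode" "$dir"
}

# tmpfiles_line DIR OWNER GROUP MODE: print the tmpfiles.d(5) "d" entry that
# makes systemd-tmpfiles recreate DIR at boot.
tmpfiles_line() {
    printf 'd %s 0%s %s %s -\n' "$1" "$4" "$2" "$3"
}

# check_socket_dir DIR OWNER GROUP MODE: succeed only if DIR is a real
# directory with exactly this owner (name or numeric id) and mode.
check_socket_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%a' "$1")" = "$4" ] || return 1
    case "$(stat -c '%U:%G' "$1")|$(stat -c '%u:%g' "$1")" in
        "$2:$3|"*|*"|$2:$3") return 0 ;;
    esac
    return 1
}

# Run as root with the argument "apply", e.g. from the CI job.
if [ "${1:-}" = "apply" ]; then
    d=/run/clamd.scan   # same directory as /var/run/clamd.scan
    ensure_socket_dir "$d" clamscan clamscan 750 &&
    tmpfiles_line "$d" clamscan clamscan 750 \
        > /etc/tmpfiles.d/clamd-scan-local.conf &&
    systemctl restart clamd@scan &&
    check_socket_dir "$d" clamscan clamscan 750
fi
```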