[Avcheck] uchroot problem

Michael Tokarev mjt@tls.msk.ru
Sat, 15 Mar 2003 23:39:58 +0300


Saz Az wrote:
> 
> Hi avcheck list.
> 
> First of all, sorry for my English.

Fine with me.

> My problem is when I try to configure the chroot; the fact is when I
> execute " /var/spool/avp/uchroot -u avdaemon /var/spool/avp " I get the
> following:
> "uchroot: unable to execute /bin/fase: Opertation no permitted."

You gave no command to execute, so by default, [u]chroot executes a
shell found in /etc/passwd, which is, in your case, /bin/false.  You
may want to specify which command to run, i.e.

/var/spool/avp/uchroot -u avdaemon /var/spool/avp /kavdaemon

(if kavdaemon is in /var/spool/avp).

It's interesting, however, why it returns this error message - if there
IS /var/spool/avp/bin/false command (which shouldn't be there), I think
your spool (or /var) directory is mounted with noexec flag, and if that's
the case, you'll not be able to execute anything.  But uchroot itself
IS executable - which looks interesting.

> The user avdaemon was created like the README.AVP says.
> 
> As far as I know, this is the only way to execute avcheck + kavdaemon,
> because if I don't do it, the program will not run under root, giving me
> a message like
> "avcheck: do not allow BUGGY antivirus daemon to run as this user"

You may execute it as user (not as root) with usual means - e.g.

  su avcheck -c "/some/where/kavdaemon args..."

In any case, you'll need to specify where to create control socket,
as kavdaemon will try it in /var/run by default (which is owned by
root).  Also, you'll have to modify avcheck's commandline accordingly
(and if kavdaemon will run not in chroot environment, do remove /./
from avcheck's -s argument).

This error message avcheck gives is intentional - never ever try to
run some unknown software as root, especially such a complex task as
virus scanning.  I don't know why almost all antivirus vendors suggest
to run their products as root user, sometimes even listening on the
network - this is a *very bad idea*.

/mjt
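
The two checks discussed in this message (which program uchroot falls back to when no command is given, and whether the jail sits on a noexec mount) can be scripted. This is an added example, not part of the original message and not avcheck code; the function names and the sample mount and passwd data are constructed for illustration, and it assumes the mount table has the /proc/mounts layout.

```python
import os

# Constructed sample data (not taken from the poster's system).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /var ext3 rw,nosuid,nodev 0 0
/dev/sda5 /var/spool ext3 rw,nosuid,nodev,noexec 0 0
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
avdaemon:x:501:501:AV daemon:/var/spool/avp:/bin/false
"""

def mount_for(path, mounts_text):
    """Return (mountpoint, option set) of the filesystem holding path."""
    path = os.path.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt, opts = fields[1], set(fields[3].split(","))
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # Longest matching mountpoint wins; a later entry overrides an equal one.
        if inside and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, opts)
    return best

def login_shell(user, passwd_text):
    """Return the shell field of user's passwd entry, or None."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[0] == user:
            return fields[6]
    return None

def diagnose(user, jail, command, mounts_text, passwd_text):
    """List reasons why 'uchroot -u user jail [command]' may fail to exec."""
    findings = []
    if command is None:
        command = login_shell(user, passwd_text)
        if command is None:
            return [f"no command given and no passwd entry for {user}"]
        findings.append(f"no command given: falls back to passwd shell {command}")
    target = os.path.join(jail, command.lstrip("/"))  # path as seen from outside
    found = mount_for(target, mounts_text)
    if found and "noexec" in found[1]:
        findings.append(f"{target} is on {found[0]}, mounted noexec")
    return findings
```

On a live system, pass the contents of /proc/mounts and /etc/passwd instead of the sample strings.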