This discussion has been locked.

I recently tried to install a new Ubuntu kernel (4.10.0-22). It failed, it seems due to Sophos.

I recently tried to install the latest kernel for Ubuntu 17.04 - 4.10.0-22. It kept failing, saying an "operation was not permitted". When I reported this on the Ubuntu bug tracker, it was suggested I turn off anti-virus and try again.

I disabled the on-access scan and tried again, and installation worked.

I had no warnings or alerts from Sophos. I checked that the Sophos warnings and emails were on and worked (I tested using the test virus file) and that all worked.

So, somehow Sophos is preventing a file access. I am on the latest version, including talpa.

The ubuntu report with full details is at https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1696132 

Regards



  • Hello

    I had the same issue.

    Example

     

    root@debian:/# apt install linux-image-4.19.0-2-amd64-unsigned
    dpkg: erreur de traitement de l'archive /var/cache/apt/archives/linux-image-4.19.0-2-amd64-unsigned_4.19.16-1_amd64.deb (--unpack) :
    impossible d'ouvrir « /lib/modules/4.19.0-2-amd64/kernel/drivers/net/ethernet/chelsio/libcxgb/libcxgb.ko.dpkg-new »: Opération non permise

     

    Can't open the file, is it because of the dpkg-new extension?

    After 

     

    systemctl stop sav-protect.service

     

    Everything is ok

  • Running systemctl like that will disable SAV entirely, so it won't be protecting your system.

     

    The previous person was using fanotify, so you could check if you are using fanotify or talpa, to see if you have the same issue.

     

    Unfortunately fanotify gives less information about why it is blocking access, so unless the SAV log shows why it's blocking access.
