Linux / PostgreSQL / on-access scan resulting in "Operation not permitted" errors while using "talpa"

Hello team,

We have Sophos AV installed on a few CentOS 7 machines and it seems to be causing some errors when trying to export the PostgreSQL data. The issue is not systematic and seems to happen randomly a few times a week on each VM, but is causing our database backups to fail when they occur. This issue started happening on the day Sophos AV was installed and affects only PostgreSQL.

I have added the PostgreSQL ../base* and ../global* paths to the exclusion list, but this appears to have had no effect.

We are using "talpa" instead of "fanotify" based on the information from here community.sophos.com/.../118216. We are not currently using CIFS/SMB on any of our PostgreSQL Linux machines.

Please assist.


OS: CentOS 7
Kernel: 3.10.0-862.11.6.el7.x86_64
AV version: Sophos Anti-Virus = 9.15.0, Build Revision = 2767612
PostgreSQL version: 9.6

Savlog:
2018-09-04 11:02:59: savd.daemon Sophos Anti-Virus daemon started.
2018-09-04 11:03:06: savd.daemon On-access scanning enabled using talpa.

PostgreSQL error:
pg_dump: archiver (db) connection to database "postgres" failed: FATAL: could not open file "global/2676": Operation not permitted
pg_dumpall: pg_dump failed on database "postgres", exiting


Regards,
Radu



  • I'm afraid none of those are the talpa/kernel lines that are required.

    There should be some log file that contains talpa and kernel syslog lines, that should help explain why access to the file is being blocked.

  • Hello Douglas,

    I have instituted kernel logging on 2 machines, but as luck would have it, the error did not reappear on them.

    It did, however, occur on another PostgreSQL machine, and this time it took down the whole database service.

    For the time being we have opted to disable on-access scanning completely on all PostgreSQL machines as it is starting to affect our operation.

    I will continue to perform some localized testing and will return with updates, if any useful information comes out of it.

    Thank you for your help with this.

    Regards,

    Radu