security/clamav: /ar/run on TMPFS renders the port broken by design
- Reply: Michael Gmelin : "Re: security/clamav: /ar/run on TMPFS renders the port broken by design"
- Reply: Gleb Popov : "Re: security/clamav: /ar/run on TMPFS renders the port broken by design"
- Reply: tuexen_a_freebsd.org: "Re: security/clamav: /ar/run on TMPFS renders the port broken by design"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 27 Aug 2022 06:30:15 UTC
Hello, I'm referencing to Bug 259699 [2] and Bug 259585 [1]. Port security/clamav is without doubt for many of FreeBSD users an important piece of security software so I assume a widespread usage. It is also a not uncommon use case to use NanoBSD or any kind of low-memory-footprint installation schemes in which /var/run - amongst other system folders - are created at boot time as TMPFS and highly volatile. In our case, the boxes running a small security appliance based upon FreeBSD is rebooted every 24 hours and so /var/run is vanishing. To make the long story short: The solution for this problem would be a check for existence and take action addendum in precmd() routine of the rc-script as sketched in Bug 259699. The maintainer rejects such a workaround by arguing this would violate POLA (see comment 4 in PR 259699 [2]. The maintainer's argument regaring to mtree's files are sound to me. The question is: how can this issue be solved? It is really hard to always chenge our local repository and patch whenever clamav has been patched and modified for what reason ever. Tahanks for reading, kind regards O. Hartmann [1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259585 [2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259699 -- O. Hartmann