Re: security/clamav: /var/run on TMPFS renders the port broken by design

From: Juraj Lutter <otis_at_FreeBSD.org>
Date: Sat, 27 Aug 2022 13:38:44 UTC

> On 27 Aug 2022, at 15:27, Michael Gmelin <grembo@freebsd.org> wrote:
> 
> 
> 
>> On 27. Aug 2022, at 15:18, freebsd@oldach.net wrote:
>> 
>> Michael Gmelin wrote on Sat, 27 Aug 2022 15:02:04 +0200 (CEST):
>>> (you're removing /var/run, which shouldn't be removed
>> 
>> Not quite. It's actually not uncommon to boot with an empty /var. Please see /etc/rc.d/var and related.
> 
> That’s a good point.
> 
>> The request that ports/packages should consider this case is not exactly unreasonable IMO.
>> 
> 
> If I were the maintainer, I would simply add the code to create the directory for robustness' sake (I for one deleted subdirs in /var/run more than once and would expect a port to fix this on restart, also to make sure correct permissions are applied). But since it doesn’t seem like this is going to happen, adding a custom rc file would be a viable short-term workaround for the requester.
> 
> I like the idea of having something like tmpfiles.d, it would also help port maintainers (could also be done as a port).
> 

As I have stated in one of those PRs: clamd creates files in two locations:

- PidFile
- LocalSocket

Both locations could be checked by the rc.d script in clamd.conf (also freshclam eventually), and the respective directories can be created from within start_precmd().

otis

—
Juraj Lutter
otis@FreeBSD.org
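
The approach described in this message, sketched as an added example (it is not code from the security/clamav port or from anyone in the thread): read PidFile and LocalSocket from clamd.conf and create any missing parent directory before the daemon starts. The function names, the config path and the `clamav` owner shown in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: helpers an rc.d script could call from start_precmd.
# Hypothetical usage (path and user are assumptions):
#   start_precmd="clamd_ensure_dirs /usr/local/etc/clamd.conf clamav"

# Print the value of the first uncommented occurrence of a directive.
# $1 = config file, $2 = directive name (e.g. PidFile)
clamd_conf_get() {
    awk -v key="$2" '
        $1 == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Create the parent directories of PidFile and LocalSocket if missing.
# $1 = config file, $2 = optional owner (user or user:group)
clamd_ensure_dirs() {
    ced_conf=$1
    ced_owner=${2:-}
    for ced_key in PidFile LocalSocket; do
        ced_path=$(clamd_conf_get "$ced_conf" "$ced_key")
        # Directive not set: clamd will not create this file, nothing to do.
        [ -n "$ced_path" ] || continue
        case $ced_path in
            /*) ;;
            *)  echo "clamd: $ced_key is not an absolute path: $ced_path" >&2
                return 1 ;;
        esac
        ced_dir=$(dirname "$ced_path")
        # Leave existing directories alone: if the file lives directly in
        # /var/run, changing owner or mode of /var/run itself would be wrong.
        [ -d "$ced_dir" ] && continue
        if [ -e "$ced_dir" ]; then
            echo "clamd: $ced_dir exists and is not a directory" >&2
            return 1
        fi
        mkdir -p "$ced_dir" || return 1
        chmod 0755 "$ced_dir" || return 1
        # Only the directory created here is handed to the daemon user.
        if [ -n "$ced_owner" ]; then
            chown "$ced_owner" "$ced_dir" || return 1
        fi
    done
    return 0
}
```

With an empty or tmpfs-backed /var/run this runs on every start, so a deleted subdirectory is recreated with the intended mode and owner rather than causing clamd to fail when it writes its PID file or socket.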