Re: security/clamav: /ar/run on TMPFS renders the port broken by design

From: Jamie Landeg-Jones <jamie_at_catflap.org>
Date: Sat, 27 Aug 2022 15:26:15 UTC

Michael Gmelin <grembo@FreeBSD.org> wrote:

> I like the idea of having something like tmpfiles.d, it would also help port maintainers (could also be done as a port).

I use tmpfs for /var/run and already have such a script for this very reason
(although not clamav)

I would have thought each port startup script should ensure its file/directory
exists before attempting to launch - having "tmpfiles.d" would still require
some changes for the port maintainer to make to their port, but I guess it
may help to keep things centralised.

I'm willing to "standardise" my script if it would help, but as it stands, you
can see it here:

http://freebsd.dyslexicfish.net/src/

15:47 (71) "~/x" jamie@newbie% cat /usr/common/etc/var_run.mtree
# File/Directory        User           Group        Perms
#
distccd.pid             distcc         distcc         640
ntop/                   ntop           ntop           750
nsd/                    nsd            nsd            750
netdata/                netdata        netdata        750
screens/                root           wheel         1777
sshdbanner/             sshdbanner     sshdbanner     755
spamd/                  spamd          spamd          750
symon.pid               _symon         _symon         640
symux.pid               _symon         _symon         640
vnstat/                 vnstat         vnstat         750
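
An added example, not the script referenced in this message or any FreeBSD port's code: a POSIX sh function that reads a table in the layout shown above from standard input and recreates each entry under a base directory with install(1), rejecting entries that could escape that directory. The function name `var_run_sync`, its `-n` dry-run flag and the validation rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Spec lines: "name user group perms"; a trailing "/" on the
# name marks a directory, anything else is created as an empty file.
# Usage: var_run_sync [-n] BASEDIR < spec     (-n prints instead of running)
var_run_sync() (
    dry=0
    if [ "$1" = "-n" ]; then dry=1; shift; fi
    base=$1
    rc=0
    run() { if [ "$dry" -eq 1 ]; then echo "$*"; else "$@"; fi; }

    while read -r name user group perms extra || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac      # blank line or comment
        kind=file
        case $name in */) kind=dir; name=${name%/} ;; esac

        # One path component only, no leading "-", conservative charset:
        # keeps every target inside $base and out of install's option parsing.
        ok=1
        case $name  in ''|.|..|-*|*[!A-Za-z0-9._-]*) ok=0 ;; esac
        case $user  in ''|-*|*[!A-Za-z0-9._-]*)      ok=0 ;; esac
        case $group in ''|-*|*[!A-Za-z0-9._-]*)      ok=0 ;; esac
        case $perms in [0-7][0-7][0-7]|[0-7][0-7][0-7][0-7]) ;; *) ok=0 ;; esac
        [ -z "$extra" ] || ok=0
        if [ "$ok" -ne 1 ]; then
            echo "var_run_sync: rejected entry: $name" >&2
            rc=1
            continue
        fi

        if [ "$kind" = dir ]; then
            run install -d -o "$user" -g "$group" -m "$perms" "$base/$name" || rc=1
        else
            # Empty file with the right owner, so an unprivileged daemon
            # can write its pid into a root-owned directory.
            run install -o "$user" -g "$group" -m "$perms" /dev/null "$base/$name" || rc=1
        fi
    done
    [ "$rc" -eq 0 ]      # non-zero if any entry was rejected or failed
)

# Constructed sample input in the layout from the message; dry run only.
var_run_sync -n /var/run <<'EOF'
# File/Directory        User           Group        Perms
screens/                root           wheel         1777
symon.pid               _symon         _symon         640
EOF
```

Without `-n` the function needs root, and it is meant to run once at boot after the tmpfs is mounted and before the services that rely on the entries start.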