Date:      Sat, 27 Aug 2022 15:38:44 +0200
From:      Juraj Lutter <otis@FreeBSD.org>
To:        Michael Gmelin <grembo@freebsd.org>
Cc:        freebsd@oldach.net, freebsd-current@freebsd.org, freebsd-ports@freebsd.org, yasu@freebsd.org, freebsd@walstatt-de.de
Subject:   Re: security/clamav: /ar/run on TMPFS renders the port broken by design
Message-ID:  <C908E5B5-3A02-4CB1-9F6F-E58BB2984448@FreeBSD.org>
In-Reply-To: <E3110EFB-EF59-40C3-ACBF-496C7F309B49@freebsd.org>
References:  <202208271318.27RDI9Jd044045@nuc.oldach.net> <E3110EFB-EF59-40C3-ACBF-496C7F309B49@freebsd.org>


> On 27 Aug 2022, at 15:27, Michael Gmelin <grembo@freebsd.org> wrote:
> 
> 
> 
>> On 27. Aug 2022, at 15:18, freebsd@oldach.net wrote:
>> 
>> Michael Gmelin wrote on Sat, 27 Aug 2022 15:02:04 +0200 (CEST):
>>> (you're removing /var/run, which shouldn't be removed
>> 
>> Not quite. It's actually not uncommon to boot with an empty /var. Please see /etc/rc.d/var and related.
> 
> That’s a good point.
> 
>> The request that ports/packages should consider this case is not exactly unreasonable IMO.
>> 
> 
> If I was the maintainer, I would simply add the code to create the directory for robustness' sake (I for one deleted subdirs in /var/run more than once and would expect a port to fix this on restart, also to make sure correct permissions are applied). But since it doesn’t seem like this is going to happen, adding a custom rc file would be a viable short-term workaround for the requester.
> 
> I like the idea of having something like tmpfiles.d, it would also help port maintainers (could also be done as a port).
> 

As I have stated in one of those PRs: clamd creates files in two locations:

- PidFile
- LocalSocket

Both locations could be checked by the rc.d script in clamd.conf (also freshclam eventually), and the respective directories can be created from within start_precmd().

otis

—
Juraj Lutter
otis@FreeBSD.org
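
The approach described in the message above, sketched as an added example that is not part of the original e-mail and not the port's rc.d script: helpers a start_precmd() could call to read PidFile and LocalSocket from clamd.conf and create their parent directories with known ownership and permissions. The function names, the CLAMD_RUN_BASE variable and the 0755 mode are assumptions; the config path, owner and group are supplied by the caller.

```shell
#!/bin/sh
# Added example. CLAMD_RUN_BASE and both function names are hypothetical.
: "${CLAMD_RUN_BASE:=/var/run}"

# Print the first uncommented value of option $1 in config file $2.
# Assumes the configured path contains no whitespace.
clamd_conf_get() {
    awk -v key="$1" '/^[ \t]*#/ { next } $1 == key { print $2; exit }' "$2"
}

# Create the parent directories of PidFile and LocalSocket.
# $1 = clamd.conf, $2 = owner, $3 = group
clamd_ensure_rundirs() {
    for opt in PidFile LocalSocket; do
        path=$(clamd_conf_get "$opt" "$1")
        [ -n "$path" ] || continue               # option not set: nothing to do
        dir=$(dirname "$path")
        case "$dir" in
            */..|*/../*) return 1 ;;             # refuse paths that climb out
            "$CLAMD_RUN_BASE"/?*) ;;             # manage only subdirs of the base
            *) continue ;;                       # base itself or elsewhere: leave alone
        esac
        [ ! -L "$dir" ] || return 1              # never chown through a symlink
        # Reapply owner and mode even if the directory already exists.
        mkdir -p "$dir" && chown "$2:$3" "$dir" && chmod 0755 "$dir" || return 1
    done
    return 0
}
```

A non-zero return from clamd_ensure_rundirs is meant to abort the start, so a symlinked or traversing path in clamd.conf stops the service instead of being chowned.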

