Date: Sat, 27 Aug 2022 08:26:38 -0700 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Juraj Lutter <otis@FreeBSD.org>, freebsd@walstatt-de.de Cc: Michael Gmelin <grembo@freebsd.org>, freebsd@oldach.net, freebsd-current@freebsd.org, freebsd-ports@freebsd.org, yasu@freebsd.org Subject: Re: security/clamav: /ar/run on TMPFS renders the port broken by design Message-ID: <20220827082638.57901a72@slippy> In-Reply-To: <C908E5B5-3A02-4CB1-9F6F-E58BB2984448@FreeBSD.org> References: <202208271318.27RDI9Jd044045@nuc.oldach.net> <E3110EFB-EF59-40C3-ACBF-496C7F309B49@freebsd.org> <C908E5B5-3A02-4CB1-9F6F-E58BB2984448@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 27 Aug 2022 15:38:44 +0200 Juraj Lutter <otis@FreeBSD.org> wrote: > > On 27 Aug 2022, at 15:27, Michael Gmelin <grembo@freebsd.org> wrote: > > > > > > > >> On 27. Aug 2022, at 15:18, freebsd@oldach.net wrote: > >> > >> Michael Gmelin wrote on Sat, 27 Aug 2022 15:02:04 +0200 (CEST): > >>> (you're removing /var/run, which shouldn't be removed > >> > >> Not quite. It's actually not uncommon to boot with an empty /var. Please see /etc/rc.d/var and related. > > > > That’s a good point. > > > >> The request that ports/packages should consider this case is not exactly unreasonable IMO. > >> > > > > If I was the maintainer, I would simply add the code to create the directory for robustness sake (I for one deleted subdirs in /var/run more than once and would expect a port to fix this on restart, also to make sure correct permissions are applied). But since it doesn’t seem like this is going to happen, adding a custom rc file would be a viable short term workaround for the requester. > > > > I like the idea of having something like tmpfiles.d, it would also help port maintainers (could also be done as a port). > > > > As I have stated in one of those PR: clamd creates file in two locations: > > - PidFile > - LocalSocket > > Both the locations could be checked by rc.d script in clamd.conf (also freshclam eventually) and respective directories can be created from within start_precmd() > > otis > > — > Juraj Lutter > otis@FreeBSD.org > As stated before in this thread, replacing /var/run with tmpfs is not a supported configuration. However if users wish to replace /var/run with tmpfs they can create an rc script (I put my extra rc scripts in /etc/local/rc.d) to create the hierarc If one does this they can either use mtree(1) to create the hierarchy or simply take a snapshot (find /var/run -type d | cpio -o > /etc/local/my_var_run.cpio), having their rc script recreate the hierarchy using cpio -i < /etc/local/my_var_run.cpio). And be periodically updated the archive as needed, probably through a shutdown script. One will notice that /etc/mtree/BSD.var.dist shows us what is created in /var/run by default during installworld. The change requested is not specifically for an individual port but essentially a FreeBSD-wide infrastructure change. I don't think this is reasonable without a lot of consideration about what will be broken during the process of changing build and boot processes and the potential POLA fallout from such a change. A change like this needs to be architected. I don't think this is the mailing list to discuss this topic. This should be discussed on ports@. Not here. Maybe it should be moved there as this is a ports not a base O/S issue. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: http://www.FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220827082638.57901a72>