Date: Sat, 27 Aug 2022 15:21:38 +0200 From: FreeBSD User <freebsd@walstatt-de.de> To: freebsd-current@freebsd.org Subject: Re: security/clamav: /ar/run on TMPFS renders the port broken by design Message-ID: <20220827152205.76d9df57@thor.intern.walstatt.dynvpn.de> In-Reply-To: <F50DBD11-4438-46DA-9C9D-61CA5839395C@freebsd.org> References: <20220827083042.73e7f439@thor.intern.walstatt.dynvpn.de> <F50DBD11-4438-46DA-9C9D-61CA5839395C@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Am Sat, 27 Aug 2022 13:16:43 +0200 tuexen@freebsd.org schrieb: > > On 27. Aug 2022, at 08:30, FreeBSD User <freebsd@walstatt-de.de> wrote: > > > > Hello, > > > > I'm referencing to Bug 259699 [2] and Bug 259585 [1]. > > > > Port security/clamav is without doubt for many of FreeBSD users an important piece of > > security software so I assume a widespread usage. > > > > It is also a not uncommon use case to use NanoBSD or any kind of low-memory-footprint > > installation schemes in which /var/run - amongst other system folders - are created at boot > > time as TMPFS and highly volatile. > > > > In our case, the boxes running a small security appliance based upon FreeBSD is rebooted > > every 24 hours and so /var/run is vanishing. > Why are you rebooting every 24 hours? The appliance has to be on a non-writable medium and is to be rebooted every 24 hours to cleanse temporary memory. This is given in the specs and by the department(s) the appliance is for. Kind regards > > Best regards > Michael > > > > To make the long story short: > > > > The solution for this problem would be a check for existence and take action addendum in > > precmd() routine of the rc-script as sketched in Bug 259699. > > The maintainer rejects such a workaround by arguing this would violate POLA (see comment 4 > > in PR 259699 [2]. The maintainer's argument regaring to mtree's files are sound to me. > > > > The question is: how can this issue be solved? > > > > It is really hard to always chenge our local repository and patch whenever clamav has been > > patched and modified for what reason ever. > > > > Tahanks for reading, > > > > kind regards > > > > O. Hartmann > > > > [1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259585 > > [2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259699 > > > > > > -- > > O. Hartmann > > > > -- O. Hartmann
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20220827152205.76d9df57>