Re: security/clamav: /ar/run on TMPFS renders the port broken by design
- In reply to: FreeBSD User : "security/clamav: /ar/run on TMPFS renders the port broken by design"
Date: Sat, 27 Aug 2022 07:18:31 UTC
Hello,

Maybe you can use a shell script that creates the directory with @reboot at cron.

If this doesn't work (not sure if clamav starts before cron), then maybe you can use monit to create the directory and start clamav.

Kind regards,
Christos Chatzaras

> On 27 Aug 2022, at 09:30, FreeBSD User <freebsd@walstatt-de.de> wrote:
>
> Hello,
>
> I'm referring to Bug 259699 [2] and Bug 259585 [1].
>
> Port security/clamav is without doubt for many of FreeBSD users an important piece of security
> software so I assume a widespread usage.
>
> It is also a not uncommon use case to use NanoBSD or any kind of low-memory-footprint
> installation schemes in which /var/run - amongst other system folders - are created at boot
> time as TMPFS and highly volatile.
>
> In our case, the boxes running a small security appliance based upon FreeBSD are rebooted every
> 24 hours and so /var/run is vanishing.
>
> To make the long story short:
>
> The solution for this problem would be a check for existence and take action addendum in
> precmd() routine of the rc-script as sketched in Bug 259699.
> The maintainer rejects such a workaround by arguing this would violate POLA (see comment 4 in
> PR 259699 [2]). The maintainer's argument regarding to mtree's files are sound to me.
>
> The question is: how can this issue be solved?
>
> It is really hard to always change our local repository and patch whenever clamav has been
> patched and modified for what reason ever.
>
> Thanks for reading,
>
> kind regards
>
> O. Hartmann
>
> [1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259585
> [2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259699
>
>
> --
> O. Hartmann
>
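One way to write the @reboot script suggested in the reply above, as an added example that is not part of the original thread or of the port. The run directory /var/run/clamav, the clamav user and group, the mode and the script path in the crontab comment are assumptions; adjust them to the local installation.

```shell
#!/bin/sh
# Added example: recreate a daemon's run directory after a tmpfs /var/run
# was wiped by a reboot. Intended for root's crontab, for instance:
#   @reboot /usr/local/sbin/clamav-rundir.sh apply    (hypothetical path)
# All defaults below are assumptions, not values taken from the thread.
RUNDIR="${RUNDIR:-/var/run/clamav}"
OWNER="${OWNER:-clamav}"
GROUP="${GROUP:-clamav}"
MODE="${MODE:-0755}"

# ensure_rundir DIR OWNER GROUP MODE
# Returns 0 once DIR is a real directory with the requested owner, group
# and mode. Returns 1 without touching anything if DIR is a symlink, a
# non-directory, or if its parent is missing.
ensure_rundir() {
    dir=$1; owner=$2; group=$3; mode=$4

    # A symlink here could redirect the chown/chmod below to another path.
    if [ -L "$dir" ]; then
        echo "ensure_rundir: $dir is a symlink, refusing" >&2
        return 1
    fi
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "ensure_rundir: $dir exists and is not a directory" >&2
        return 1
    fi
    # Do not create parents: a missing /var/run means tmpfs is not mounted yet.
    if [ ! -d "$(dirname "$dir")" ]; then
        echo "ensure_rundir: parent of $dir is missing" >&2
        return 1
    fi

    # Create with a tight mode first, then hand over ownership, then widen.
    # The checks above are only race-free if the parent is writable by root
    # alone, which is the normal state of /var/run.
    [ -d "$dir" ] || mkdir -m 0700 "$dir" || return 1
    chown "$owner:$group" "$dir" || return 1
    chmod "$mode" "$dir" || return 1
}

# Act only when called with "apply", so the file can also be sourced.
if [ "${1:-}" = "apply" ]; then
    ensure_rundir "$RUNDIR" "$OWNER" "$GROUP" "$MODE"
    exit $?
fi
```

The function is idempotent, so the same script can also be called from a monit check or any other supervisor that runs before the daemon is started.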