Re: security/clamav: /ar/run on TMPFS renders the port broken by design

From: FreeBSD User <freebsd_at_walstatt-de.de>
Date: Sat, 27 Aug 2022 13:21:38 UTC
Am Sat, 27 Aug 2022 13:16:43 +0200
tuexen@freebsd.org schrieb:

> > On 27. Aug 2022, at 08:30, FreeBSD User <freebsd@walstatt-de.de> wrote:
> > 
> > Hello,
> > 
> > I'm referencing to Bug 259699 [2] and Bug 259585 [1].
> > 
> > Port security/clamav is without doubt for many of FreeBSD users an important piece of
> > security software so I assume a widespread usage.
> > 
> > It is also a not uncommon use case to use NanoBSD or any kind of low-memory-footprint
> > installation schemes in which /var/run - amongst other system folders - are created at boot
> > time as TMPFS and highly volatile.
> > 
> > In our case, the boxes running a small security appliance based upon FreeBSD is rebooted
> > every 24 hours and so /var/run is vanishing.  
> Why are you rebooting every 24 hours?

The appliance has to be on a non-writable medium and is to be rebooted every 24 hours to
cleanse temporary memory. This is given in the specs and by the department(s) the appliance
is for. 

Kind regards
> 
> Best regards
> Michael
> > 
> > To make the long story short:
> > 
> > The solution for this problem would be a check for existence and take action addendum in
> > precmd() routine of the rc-script as sketched in Bug 259699.
> > The maintainer rejects such a workaround by arguing this would violate POLA (see comment 4
> > in PR 259699 [2]. The maintainer's argument regaring to mtree's files are sound to me.
> > 
> > The question is: how can this issue be solved?
> > 
> > It is really hard to always chenge our local repository and patch whenever clamav has been
> > patched and modified for what reason ever.
> > 
> > Tahanks for reading,
> > 
> > kind regards
> > 
> > O. Hartmann
> > 
> > [1] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259585
> > [2] https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259699
> > 
> > 
> > -- 
> > O. Hartmann
> >   
> 
> 



-- 
O. Hartmann