Re: security/clamav: /ar/run on TMPFS renders the port broken by design

Reply: FreeBSD User : "Re: security/clamav: /ar/run on TMPFS renders the port broken by design"
In reply to: FreeBSD User : "security/clamav: /ar/run on TMPFS renders the port broken by design"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Michael Gmelin <grembo_at_freebsd.org>
Date: Sat, 27 Aug 2022 09:21:40 UTC


> On 27. Aug 2022, at 08:31, FreeBSD User <freebsd@walstatt-de.de> wrote:
> 
> Hello,
> 
> I'm referencing to Bug 259699 [2] and Bug 259585 [1].
> 
> Port security/clamav is without doubt for many of FreeBSD users an important piece of security
> software so I assume a widespread usage.
> 
> It is also a not uncommon use case to use NanoBSD or any kind of low-memory-footprint
> installation schemes in which /var/run - amongst other system folders - are created at boot
> time as TMPFS and highly volatile.
> 
> In our case, the boxes running a small security appliance based upon FreeBSD is rebooted every
> 24 hours and so /var/run is vanishing.
> 
> To make the long story short:
> 
> The solution for this problem would be a check for existence and take action addendum in
> precmd() routine of the rc-script as sketched in Bug 259699.
> The maintainer rejects such a workaround by arguing this would violate POLA (see comment 4 in
> PR 259699 [2]. The maintainer's argument regaring to mtree's files are sound to me.
> 
> The question is: how can this issue be solved?
> 
> It is really hard to always chenge our local repository and patch whenever clamav has been
> patched and modified for what reason ever.
> 
> Tahanks for reading,
> 

Why don’t you simply add an rc script to your appliance that creates the missing directory/directories on boot before clamav is started?

Best
Michael