public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/tmpfiles.d/
@ 2024-01-16  1:45 Michael Orlitzky
From: Michael Orlitzky @ 2024-01-16  1:45 UTC
  To: gentoo-commits

commit:     873ea574ea7e050bd7f1a7d4297528d3b2e5592e
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 16 01:14:32 2024 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Tue Jan 16 01:35:10 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=873ea574

app-antivirus/clamav: fix LTS socket permissions under systemd

Bug: https://bugs.gentoo.org/921617
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 .../{clamav-0.103.11.ebuild => clamav-0.103.11-r1.ebuild}     | 11 ++++-------
 app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf          |  1 +
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/app-antivirus/clamav/clamav-0.103.11.ebuild b/app-antivirus/clamav/clamav-0.103.11-r1.ebuild
similarity index 94%
rename from app-antivirus/clamav/clamav-0.103.11.ebuild
rename to app-antivirus/clamav/clamav-0.103.11-r1.ebuild
index 7b1697a7e55c..d35dd66922a0 100644
--- a/app-antivirus/clamav/clamav-0.103.11.ebuild
+++ b/app-antivirus/clamav/clamav-0.103.11-r1.ebuild
@@ -121,13 +121,10 @@ src_install() {
 	if ! use libclamav-only ; then
 		if use systemd; then
 			# The tmpfiles entry is behind USE=systemd because the
-			# upstream OpenRC service files should (and do) ensure that
-			# the directories they need exist and have the correct
-			# permissions without the help of opentmpfiles. There are
-			# years-old root exploits in opentmpfiles, the design is
-			# fundamentally flawed, and the maintainer is not up to
-			# the task of fixing it.
-			dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
+			# OpenRC service scripts should (and do) ensure that the
+			# directories they need exist and have the correct
+			# permissions without the help of tmpfiles.
+			newtmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf" clamav.conf
 			systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
 			systemd_dounit "${FILESDIR}/clamd.service"
 			systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
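Review bot: the rewritten comment above the `newtmpfiles` line explains why the entry sits behind USE=systemd, but it no longer says anything about what the tmpfiles entry is for, and nothing here records why the source file became `clamav-r1.conf`. A one-line note such as "creates /run/clamav for the clamd socket, see bug 921617" would keep the reason next to the code. Because the installed name is still `clamav.conf`, the new entry replaces the old one on upgrade, but a running system only gets the corrected directory mode once tmpfiles is re-applied; this hunk does not show `pkg_postinst`, so please confirm it calls `tmpfiles_process clamav.conf`.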

diff --git a/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf b/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf
new file mode 100644
index 000000000000..22d29941ea02
--- /dev/null
+++ b/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf
@@ -0,0 +1 @@
+d /run/clamav 0755 clamav clamav
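Review bot: the new `d /run/clamav 0755 clamav clamav` line makes the runtime directory readable and searchable by every local user, and the file carries no comment saying that this is intentional. With 0755 on the directory, who may connect to clamd is decided only by the mode and group of the socket itself (LocalSocketMode and LocalSocketGroup in clamd.conf), so a comment line stating that, with a pointer to bug 921617, would help the next person who is tempted to tighten the mode back. The previous `clamav.conf` is not part of this diff, so the change in mode cannot be checked from the patch alone; naming the old value in the commit message would make the fix reviewable.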

