Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 709780 - app-antivirus/clamav: logrotate script uses /var/run instead of /run and should probably be simplified
Summary: app-antivirus/clamav: logrotate script uses /var/run instead of /run and shou...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Antivirus Team
URL: https://bugzilla.clamav.net/show_bug....
Whiteboard:
Keywords:
Depends on:
Blocks: 830306
  Show dependency tree
 
Reported: 2020-02-16 08:31 UTC by Hanno Böck
Modified: 2021-12-30 17:04 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2020-02-16 08:31:53 UTC 
The logrotate script for clamd contains this (and a similar line for freshclamd):

/bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true

This uses /var/run, which is deprecated and should be /run.

Furthermore the 2>/dev/null and || true seem odd to me and I wonder what motivates it. It seems this would cause all problems to be hidden. When one of these commands throws an error or returns false the admin should probably know about this.
Comment 1 Michael Orlitzky gentoo-dev 2020-02-16 16:20:24 UTC 
Thanks, I already noticed the PID file location (in $URL, but it's restricted), but we need an upstream fix before I start messing with the PID file locations. The current path is a security risk, because in the logrotate script, that's root calling `kill` on the contents of a file that is owned by an unprivileged user. In my opinion clamd/freshclam should create the PID files as root, and then we can put them in e.g. /run/clamd.pid where they belong.

As for the error handling: you're probably right. I'll remove it from the logrotate script on our MX and see if anything bad happens.
Comment 2 Larry the Git Cow gentoo-dev 2020-09-23 03:34:46 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76622421052176c051df0c19a518d6c064aa5e5e

commit 76622421052176c051df0c19a518d6c064aa5e5e
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2020-09-22 13:24:36 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2020-09-23 03:23:24 +0000

    app-antivirus/clamav: new logrotate files for v0.103.0.
    
    Now that each ClamAV daemon has its own OpenRC service, we
    separate the logrotate entries as well. This fixes an old
    bug where we relied on the service manager being OpenRC.
    
    Closes: https://bugs.gentoo.org/508520
    Closes: https://bugs.gentoo.org/709780
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 app-antivirus/clamav/clamav-0.103.0.ebuild         |  5 ++++-
 app-antivirus/clamav/files/clamav-milter.logrotate | 25 ++++++++++++++++++++++
 app-antivirus/clamav/files/clamd.logrotate         | 17 +++++++++++++++
 app-antivirus/clamav/files/freshclam.logrotate     | 17 +++++++++++++++
 4 files changed, 63 insertions(+), 1 deletion(-)