Bug 653018

Summary: mail-filter/dcc: /etc/dcc/map should be relocated under /var
Product: Gentoo Linux
Component: Current packages
Reporter: Christian Holpert <christian>
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: CONFIRMED ---
Severity: normal
Priority: Normal
CC: antivirus, christian, jstein, net-mail+disabled
Keywords: PATCH
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Christian Holpert 2018-04-12 14:01:02 UTC
In amavisd-new, current version 2.11.0-r3 (and older versions probably), the systemd-unit prohibits write-access to config-files when spamassassin with DCC-Plugin (mail-filter/dcc-1.3.158) is enabled.


Reproducible: Always

Steps to Reproduce:
1. Every time a mail is filtered with amavisd-new/spamassassin/dcc
Actual Results:  
error: Apr 12 15:38:49 colin dccproc[1484]: open(/var/dcc/map): Read-only file system

Expected Results:  
No error.

Log-error:
Apr 12 15:38:49 colin dccproc[1484]: open(/var/dcc/map): Read-only file system

colin ~ # ll /var/dcc/map
lrwxrwxrwx 1 amavis amavis 12 19. Mär 09:36 /var/dcc/map -> /etc/dcc/map

mail-filter/dcc-1.3.158 installs its config in /etc/dcc, see ebuild:
https://gitweb.gentoo.org/repo/gentoo.git/tree/mail-filter/dcc/dcc-1.3.158.ebuild
moveconf() {
	local into=/etc/dcc/
	for i in $@; do
		mv "${D}${dcc_homedir}/${i}" "${D}${into}"
		dosym "${into}${i}" "${dcc_homedir}/${i}"
	done
}

/usr/lib/systemd/system/amavisd.service includes 'ProtectSystem=full' which disables write-access on /etc by design.



# /etc/systemd/system/amavisd.service.d/override.conf
[Service]
ReadWritePaths=-/etc/dcc

will remove the error.

Possible solution: mail-filter/dcc should place config in /var/dcc/etc or amavisd's systemd-unit could be changed as above.

Bug report on Red Hat's Bugzilla on this topic:
https://bugzilla.redhat.com/show_bug.cgi?id=1532139

For the first solution, this patch might be needed:
https://bugzilla.redhat.com/show_bug.cgi?id=1532139

Comment 1 Michael Orlitzky gentoo-dev 2018-11-15 15:49:31 UTC
I believe we already have the fix for SpamAssassin in place. Reading the source code for "dccproc", it's clear that the map file in question is *not* a configuration file. It's persistent, writable, program data: i.e. the stuff that goes under /var.

So I think the right fix for this is to leave the map file (and anything else that needs to be written at runtime) where it is.

(/var/lib/dcc would be even better IMO)
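
Added example (not part of the bug report, the ebuild, or either commenter's text): a shell check for the condition described in the description and in comment 1, namely symlinks in a service's state directory such as /var/dcc that resolve into a tree which ProtectSystem=full mounts read-only. The function name and its arguments are hypothetical, and it assumes a `readlink` that supports `-f`.

```shell
#!/bin/sh
# Added example: find symlinks under a state directory whose resolved target
# lies in a tree that systemd's ProtectSystem=full mounts read-only.
# Function name and arguments are hypothetical (not from the bug report).

# Trees that are read-only for the unit under ProtectSystem=full.
PROTECTED_ROOTS="/usr /boot /efi /etc"

# find_ro_symlinks STATE_DIR [ROOT...]
# Prints "LINK -> TARGET" for each offending symlink.
# Returns 1 if at least one was found, 0 otherwise.
# ROOT arguments replace the default list (useful for testing in a sandbox).
find_ro_symlinks() {
    state_dir=$1
    shift
    # Intentional word splitting of the default list.
    [ "$#" -gt 0 ] || set -- $PROTECTED_ROOTS
    hits=$(
        find "$state_dir" -type l 2>/dev/null | while IFS= read -r link; do
            # Resolve the full chain; skip links that cannot be resolved.
            target=$(readlink -f -- "$link") || continue
            [ -n "$target" ] || continue
            for root in "$@"; do
                root=$(readlink -f -- "$root") || continue
                [ -n "$root" ] || continue
                case "$target" in
                    # Match the root itself or anything below it, but not
                    # siblings that merely share the prefix (/etc-backup).
                    "$root"|"$root"/*)
                        printf '%s -> %s\n' "$link" "$target"
                        break
                        ;;
                esac
            done
        done
    )
    if [ -z "$hits" ]; then
        return 0
    fi
    printf '%s\n' "$hits"
    return 1
}

# Usage on the system from the report:
#   find_ro_symlinks /var/dcc
```

On the layout from the report this prints the /var/dcc/map link with its /etc/dcc/map target; once the file itself lives under /var, the check returns 0.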