Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 709780

Summary: app-antivirus/clamav: logrotate script uses /var/run instead of /run and should probably be simplified
Product: Gentoo Linux Reporter: Hanno Böck <hanno>
Component: Current packagesAssignee: Antivirus Team <antivirus>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.clamav.net/show_bug.cgi?id=12435
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 830306    

Description Hanno Böck gentoo-dev 2020-02-16 08:31:53 UTC 
The logrotate script for clamd contains this (and a similar line for freshclamd):

/bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true

This uses /var/run, which is deprecated and should be /run.

Furthermore the 2>/dev/null and || true seem odd to me and I wonder what motivates it. It seems this would cause all problems to be hidden. When one of these commands throws an error or returns false the admin should probably know about this.
Comment 1 Michael Orlitzky gentoo-dev 2020-02-16 16:20:24 UTC 
Thanks, I already noticed the PID file location (in $URL, but it's restricted), but we need an upstream fix before I start messing with the PID file locations. The current path is a security risk, because in the logrotate script, that's root calling `kill` on the contents of a file that is owned by an unprivileged user. In my opinion clamd/freshclam should create the PID files as root, and then we can put them in e.g. /run/clamd.pid where they belong.

As for the error handling: you're probably right. I'll remove it from the logrotate script on our MX and see if anything bad happens.
Comment 2 Larry the Git Cow gentoo-dev 2020-09-23 03:34:46 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76622421052176c051df0c19a518d6c064aa5e5e

commit 76622421052176c051df0c19a518d6c064aa5e5e
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2020-09-22 13:24:36 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2020-09-23 03:23:24 +0000

    app-antivirus/clamav: new logrotate files for v0.103.0.
    
    Now that each ClamAV daemon has its own OpenRC service, we
    separate the logrotate entries as well. This fixes an old
    bug where we relied on the service manager being OpenRC.
    
    Closes: https://bugs.gentoo.org/508520
    Closes: https://bugs.gentoo.org/709780
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 app-antivirus/clamav/clamav-0.103.0.ebuild         |  5 ++++-
 app-antivirus/clamav/files/clamav-milter.logrotate | 25 ++++++++++++++++++++++
 app-antivirus/clamav/files/clamd.logrotate         | 17 +++++++++++++++
 app-antivirus/clamav/files/freshclam.logrotate     | 17 +++++++++++++++
 4 files changed, 63 insertions(+), 1 deletion(-)