[Pkg-clamav-devel] Bug#783720: clamav-daemon does not honour Local* with systemd
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Fri May 1 21:11:03 UTC 2015
On 2015-04-29 23:03:49 [+0200], Andreas Cadhalpun wrote:
> Hi Sebastian,
Hi Andreas,
> >> The options
> >> LocalSocket /var/run/clamav/clamd.ctl.change
> >> LocalSocketGroup nobody
> >> LocalSocketMode 600
same options
> I just pushed a fix for this.
> It seems to work as intended, but additional testing would be nice. ;)
now I see in /etc/systemd/system/clamav-daemon.socket.d/extend.conf:
[Socket]
ListenStream=
SocketUser=clamav
ListenStream=/var/run/clamav/clamd.ctl.change
SocketGroup=nobody
SocketMode=600
and ls gives me:
ls -lah /var/run/clamav/
total 0
drwxr-xr-x 2 clamav clamav 80 May 1 22:59 .
drwxr-xr-x 16 root root 560 May 1 21:28 ..
srw-rw-rw- 1 clamav clamav 0 May 1 21:28 clamd.ctl
srw------- 1 root root 0 May 1 22:59 clamd.ctl.change
which means the user & group is wrong.
The debian/clamav-daemon.postinst.in file adds ListenStream twice, so
the first (empty) one may leave. After that change I still don't see
systemd setting the permissions properly. Any ideas?
> I've also run this through piuparts, which didn't complain.
good.
> However while testing this, I noticed another issue:
> The clamav-daemon.socket is not stopped during 'dpkg-reconfigure clamav-daemon'.
> Thus after changing the name of the socket, a stale socket file is left behind.
> I'm not sure if that's really a problem worth fixing though. Thoughts?
Leaving stale sockets isn't nice I guess. But it won't happen often I
guess. "stop" - change socket file - "start" would fix it and a reload
due to new options would be done anyway. Would that be a way to fix it?
> Best regards,
> Andreas
Sebastian
More information about the Pkg-clamav-devel
mailing list