[Pkg-clamav-devel] Bug#783720: clamav-daemon does not honour Local* with systemd

Sebastian Andrzej Siewior sebastian at breakpoint.cc
Fri May 1 21:11:03 UTC 2015


On 2015-04-29 23:03:49 [+0200], Andreas Cadhalpun wrote:
> Hi Sebastian,
Hi Andreas,

> >> The options
> >> 	LocalSocket /var/run/clamav/clamd.ctl.change
> >> 	LocalSocketGroup nobody
> >> 	LocalSocketMode 600

same options

> I just pushed a fix for this.
> It seems to work as intended, but additional testing would be nice. ;)

now I see in /etc/systemd/system/clamav-daemon.socket.d/extend.conf:
[Socket]
ListenStream=
SocketUser=clamav
ListenStream=/var/run/clamav/clamd.ctl.change
SocketGroup=nobody
SocketMode=600

and ls gives me:
ls -lah /var/run/clamav/
total 0
drwxr-xr-x  2 clamav clamav  80 May  1 22:59 .
drwxr-xr-x 16 root   root   560 May  1 21:28 ..
srw-rw-rw-  1 clamav clamav   0 May  1 21:28 clamd.ctl
srw-------  1 root   root     0 May  1 22:59 clamd.ctl.change

which means the user & group is wrong.

The debian/clamav-daemon.postinst.in file adds ListenStream twice, so
the first (empty) one may leave. After that change I still don't see
systemd setting the permissions properly. Any ideas?

> I've also run this through piuparts, which didn't complain.
good.

> However while testing this, I noticed another issue:
> The clamav-daemon.socket is not stopped during 'dpkg-reconfigure clamav-daemon'.
> Thus after changing the name of the socket, a stale socket file is left behind.
> I'm not sure if that's really a problem worth fixing though. Thoughts?

Leaving stale sockets isn't nice I guess. But it won't happen often I
guess. "stop" - change socket file - "start" would fix it and a reload
due to new options would be done anyway. Would that be a way to fix it?

> Best regards,
> Andreas

Sebastian



More information about the Pkg-clamav-devel mailing list