[gentoo-commits] repo/gentoo:master commit in: app-antivirus/clamav/, app-antivirus/clamav/files/tmpfiles.d/

Mon, 15 Jan 2024 17:46:02 -0800 

commit:     873ea574ea7e050bd7f1a7d4297528d3b2e5592e
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 16 01:14:32 2024 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Tue Jan 16 01:35:10 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=873ea574

app-antivirus/clamav: fix LTS socket permissions under systemd

Bug: https://bugs.gentoo.org/921617
Signed-off-by: Michael Orlitzky <mjo <AT> gentoo.org>

 .../{clamav-0.103.11.ebuild => clamav-0.103.11-r1.ebuild}     | 11 ++++-------
 app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf          |  1 +
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/app-antivirus/clamav/clamav-0.103.11.ebuild 
b/app-antivirus/clamav/clamav-0.103.11-r1.ebuild
similarity index 94%
rename from app-antivirus/clamav/clamav-0.103.11.ebuild
rename to app-antivirus/clamav/clamav-0.103.11-r1.ebuild
index 7b1697a7e55c..d35dd66922a0 100644
--- a/app-antivirus/clamav/clamav-0.103.11.ebuild
+++ b/app-antivirus/clamav/clamav-0.103.11-r1.ebuild
@@ -121,13 +121,10 @@ src_install() {
        if ! use libclamav-only ; then
                if use systemd; then
                        # The tmpfiles entry is behind USE=systemd because the
-                       # upstream OpenRC service files should (and do) ensure 
that
-                       # the directories they need exist and have the correct
-                       # permissions without the help of opentmpfiles. There 
are
-                       # years-old root exploits in opentmpfiles, the design is
-                       # fundamentally flawed, and the maintainer is not up to
-                       # the task of fixing it.
-                       dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
+                       # OpenRC service scripts should (and do) ensure that the
+                       # directories they need exist and have the correct
+                       # permissions without the help of tmpfiles.
+                       newtmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf" 
clamav.conf
                        systemd_newunit "${FILESDIR}/clamd_at.service" 
"clamd@.service"
                        systemd_dounit "${FILESDIR}/clamd.service"
                        systemd_newunit "${FILESDIR}/freshclamd.service-r1" \

diff --git a/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf 
b/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf
new file mode 100644
index 000000000000..22d29941ea02
--- /dev/null
+++ b/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf
@@ -0,0 +1 @@
+d /run/clamav 0755 clamav clamav

Reply via email to