[clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails
Michael Orlitzky
michael at orlitzky.com
Fri Aug 21 12:59:02 UTC 2020
On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote:
>
> Not unconditionally. See the following from 'man 5 systemd.service':
>
> "The PID file does not need to be owned by a privileged user, but if it
> is owned by an unprivileged user additional safety restrictions are
> enforced: the file may not be a symlink to a file owned by a different
> user (neither directly nor indirectly), and the PID file must refer to
> a process already belonging to the service."
>
FWIW this was committed on Jan 8th 2018, and solves the problem by
keeping a separate pid <-> process <-> service map that's writable only
by root. The patch in question provides the same security to other
service managers.
More information about the clamav-users
mailing list