[clamav-users] ClamAV 0.103.0 release candidate - systemd service start fails
Arjen de Korte
build+clamav at de-korte.org
Fri Aug 21 13:39:20 UTC 2020
Citeren Michael Orlitzky via clamav-users <clamav-users at lists.clamav.net>:
> On 2020-08-21 08:11, Arjen de Korte via clamav-users wrote:
>>
>> Not unconditionally. See the following from 'man 5 systemd.service':
>>
>> "The PID file does not need to be owned by a privileged user, but if it
>> is owned by an unprivileged user additional safety restrictions are
>> enforced: the file may not be a symlink to a file owned by a different
>> user (neither directly nor indirectly), and the PID file must refer to
>> a process already belonging to the service."
>>
>
> FWIW this was committed on Jan 8th 2018, and solves the problem by
> keeping a separate pid <-> process <-> service map that's writable only
> by root. The patch in question provides the same security to other
> service managers.
Great, but what happened to daemonizing clamd?
More information about the clamav-users
mailing list