[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/etch-volatile, updated. debian/0.95+dfsg-1-251-g3584aa1
Stephen Gran
steve at lobefin.net
Mon Jun 15 22:11:21 UTC 2009
The following commit has been merged in the debian/etch-volatile branch:
commit 13b033c56a8a9f4212c2b78d92a8a9aa6298699e
Author: martin f. krafft <madduck at madduck.net>
Date: Mon Jun 15 11:21:00 2009 +0200
Rewrite socket group changing for milter
I recreated /etc/default/clamav-milter.conf with a single variable:
SOCKET_RWGROUP the name of a group to get g+w access on the socket
This should make integration with postfix work again, while also being
sufficiently generic.
I initially considered SOCKET_PERMS=clamav:postfix:775 but then noticed
that $User comes from the clamav configuration already, and couldn't
imagine any other use cases.
Signed-off-by: martin f. krafft <madduck at madduck.net>
diff --git a/debian/clamav-milter.default b/debian/clamav-milter.default
new file mode 100644
index 0000000..68b2d1e
--- /dev/null
+++ b/debian/clamav-milter.default
@@ -0,0 +1,13 @@
+#
+# clamav-milter init options
+#
+
+## SOCKET_RWGROUP
+# by default, the socket created by the milter has permissions
+# clamav:clamav:755. SOCKET_RWGROUP changes the group and changes the
+# permissions to 775 to give read-write access to that group.
+#
+# If you are using postfix to speak to the milter, you have to give permission
+# to the postfix group to write
+#
+#SOCKET_RWGROUP=postfix
diff --git a/debian/clamav-milter.init.in b/debian/clamav-milter.init.in
index 5bbd991..e1f526f 100644
--- a/debian/clamav-milter.init.in
+++ b/debian/clamav-milter.init.in
@@ -37,6 +37,8 @@ if [ ! -f "$CLAMAVCONF" ]; then
exit 0
fi
+[ -f /etc/default/clamav-milter ] && . /etc/default/clamav-milter
+
slurp_config "$CLAMAVCONF"
[ -n "$User" ] || User=clamav
@@ -58,16 +60,47 @@ else
SOCKET="$MilterSocket"
fi
+wait_for_socket()
+{
+ local socket; socket="$1"
+ local retries; retries=${2:-15}
+ local sleeptime; sleeptime=${3:-1}
+ while [ $retries -gt 0 ]; do
+ retries=$(($retries - 1))
+ [ -S "$socket" ] && break
+ sleep $sleeptime
+ done
+ test $retries -ne 0
+}
+
+change_socket_group()
+{
+ local socket; socket="$1"
+ local group; group="$2"
+ local retries; retries=${3:-15}
+ local sleeptime; sleeptime=${4:-1}
+
+ [ -n "$group" ] || return 0
+
+ if wait_for_socket "$socket" $retries $sleeptime; then
+ chmod g+w "$SOCKET_PATH"
+ chgrp "$SOCKET_RWGROUP" "$SOCKET_PATH"
+ else
+ log_warning_msg "Tried to change socket group, but socket did not appear."
+ fi
+}
+
case "$SOCKET" in
/*)
SOCKET_PATH="$SOCKET"
- SOCKET="local:$SOCKET"
+ SOCKET_TYPE="local"
;;
*)
- SOCKET_PATH=`echo $SOCKET | sed -e s/local\://`
- # If the socket is type inet: we don't care - we can't rm -f that later :)
+ SOCKET_PATH="${SOCKET#*:}"
+ SOCKET_TYPE="${SOCKET%%:*}"
;;
esac
+SOCKET="${SOCKET_TYPE:-local}:${SOCKET_PATH}"
if is_true "$Foreground"; then
if [ ! -x "$SUPERVISOR" ] ; then
@@ -128,22 +161,10 @@ case "$1" in
$SUPERVISOR $SUPERVISORARGS -X "$SUPERVISOR_EXEC"
ret=$?
fi
- if [ $ret = 0 ] && [ "$USE_POSTFIX" = 'yes' ] && [ "${SOCKET_PATH#inet}" = "${SOCKET_PATH}" ]; then
- cnt=0
- until [ -e "$SOCKET_PATH" ] ; do
- cnt=`expr "$cnt" + 1`
- if [ "$cnt" -gt 15 ]; then
- break
- fi
- sleep 2
- done
- if [ -e "$SOCKET_PATH" ]; then
- chmod g+w $SOCKET_PATH
- chgrp postfix $SOCKET_PATH
- else
- log_warning_msg "Socket not created. Investigate"
- fi
- fi
+
+ # try 15*1 seconds to change the socket group
+ change_socket_group "$SOCKET_PATH" "$SOCKET_RWGROUP" 15 1
+
log_end_msg $ret
;;
stop)
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list