HomeFreeBSD

sysutils/zrepl: /var/run/zrepl should not be world-readable

Description

sysutils/zrepl: /var/run/zrepl should not be world-readable

This partially reverts commit 2a866a1, and instead installs
the pidfile to /var/run/zrepl.pid fixing the problem seen in
PR 255981.

As taken from the zrepl documentation[1]:

[....]
The zrepl daemon needs to open various UNIX sockets in a runtime directory:

a control socket that the CLI commands use to interact with the daemon
the ssh+stdinserver Transport listener opens one socket per configured
client, named after client_identity parameter

There is no authentication on these sockets except the UNIX permissions.
The zrepl daemon will refuse to bind any of the above sockets in a
directory that is world-accessible.
[....]

[1] https://zrepl.github.io/configuration/misc.html#runtime-directories-unix-sockets

PR: 256472
Reported by: Raúl <raul.munoz@custos.es>

(cherry picked from commit 621d9c9f594a0f7d049cb44dab25efed81c35c91)

Details

Provenance
lcookAuthored on Jun 8 2021, 3:09 PM
Parents
R11:f778c82958cd: lang/sbcl: update to 2.1.5
Branches
Unknown
Tags
Unknown
Reverts
R11:2a866a1b4fd0: sysutils/zrepl: pidfile should be world-readable