app-antivirus/clamav: fix LTS socket permissions under systemd

Bug: https://bugs.gentoo.org/921617
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

2 files changed, 5 insertions, 7 deletions

diff --git a/app-antivirus/clamav/clamav-0.103.11.ebuild b/app-antivirus/clamav/clamav-0.103.11-r1.ebuild
index 7b1697a7e55c..d35dd66922a0 100644
--- a/app-antivirus/clamav/clamav-0.103.11.ebuild
+++ b/app-antivirus/clamav/clamav-0.103.11-r1.ebuild
@@ -121,13 +121,10 @@ src_install() {
 	if ! use libclamav-only ; then
 		if use systemd; then
 			# The tmpfiles entry is behind USE=systemd because the
-			# upstream OpenRC service files should (and do) ensure that
-			# the directories they need exist and have the correct
-			# permissions without the help of opentmpfiles. There are
-			# years-old root exploits in opentmpfiles, the design is
-			# fundamentally flawed, and the maintainer is not up to
-			# the task of fixing it.
-			dotmpfiles "${FILESDIR}/tmpfiles.d/clamav.conf"
+			# OpenRC service scripts should (and do) ensure that the
+			# directories they need exist and have the correct
+			# permissions without the help of tmpfiles.
+			newtmpfiles "${FILESDIR}/tmpfiles.d/clamav-r1.conf" clamav.conf
 			systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
 			systemd_dounit "${FILESDIR}/clamd.service"
 			systemd_newunit "${FILESDIR}/freshclamd.service-r1" \
diff --git a/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf b/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf
new file mode 100644
index 000000000000..22d29941ea02
--- /dev/null
+++ b/app-antivirus/clamav/files/tmpfiles.d/clamav-r1.conf
@@ -0,0 +1 @@
+d /run/clamav 0755 clamav clamav