From c5dd30b058961dac520d71d07e5b6eed924a900c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9?=
Date: Sat, 14 Oct 2017 23:25:29 +0200
Subject: [PATCH] [ClamAV] Use tini, check if background procs are running, use pipe to output to stdout
---
 data/Dockerfiles/clamd/Dockerfile | 6 +++--
 data/Dockerfiles/clamd/bootstrap.sh | 36 ++++++++++++++++++++++-------
 2 files changed, 32 insertions(+), 10 deletions(-)
diff --git a/data/Dockerfiles/clamd/Dockerfile b/data/Dockerfiles/clamd/Dockerfile
index aa50b807..ec56bf1d 100644
--- a/data/Dockerfiles/clamd/Dockerfile
+++ b/data/Dockerfiles/clamd/Dockerfile
@@ -7,7 +7,7 @@ COPY dl_files.sh bootstrap.sh ./
 # Installation
 RUN apk add --update \
- && apk add --no-cache clamav clamav-libunrar curl bash \
+ && apk add --no-cache clamav clamav-libunrar curl bash tini \
 && chmod +x /dl_files.sh \
 && set -ex; /bin/bash /dl_files.sh \
 && mkdir /run/clamav \
@@ -15,12 +15,14 @@ RUN apk add --update \
 && chmod 750 /run/clamav \
 && sed -i '/Foreground yes/s/^#//g' /etc/clamav/clamd.conf \
 && sed -i '/TCPSocket 3310/s/^#//g' /etc/clamav/clamd.conf \
+ && sed -i 's#LogFile /var/log/clamav/clamd.log#LogFile /tmp/logpipe_clamd#g' /etc/clamav/clamd.conf \
 && sed -i 's/#PhishingSignatures yes/PhishingSignatures no/g' /etc/clamav/clamd.conf \
 && sed -i 's/#PhishingScanURLs yes/PhishingScanURLs no/g' /etc/clamav/clamd.conf \
+ && sed -i 's#UpdateLogFile /var/log/clamav/freshclam.log#UpdateLogFile /tmp/logpipe_freshclam#g' /etc/clamav/freshclam.conf \
 && sed -i '/Foreground yes/s/^#//g' /etc/clamav/freshclam.conf
 # Port provision
 EXPOSE 3310
 # AV daemon bootstrapping
-CMD ["/bootstrap.sh"]
+CMD ["/sbin/tini", "-g", "--", "/bootstrap.sh"]
diff --git a/data/Dockerfiles/clamd/bootstrap.sh b/data/Dockerfiles/clamd/bootstrap.sh
index d815214b..ffe582c9 100755
--- a/data/Dockerfiles/clamd/bootstrap.sh
+++ b/data/Dockerfiles/clamd/bootstrap.sh
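Review bot: The two added `sed -i 's#LogFile …#…#g'` and `sed -i 's#UpdateLogFile …#…#g'` rewrites in the second Dockerfile hunk succeed even when the pattern matches nothing, so if the packaged `clamd.conf` or `freshclam.conf` ever carries a different or commented-out log path, the image still builds, the daemons keep logging to a file, and the scanner's output silently disappears from the container's stdout. Since bootstrap.sh now depends on these exact pipe paths, the build should fail when a rewrite did not take, for example by extending the RUN chain with `&& grep -q '^LogFile /tmp/logpipe_clamd$' /etc/clamav/clamd.conf \` and `&& grep -q '^UpdateLogFile /tmp/logpipe_freshclam$' /etc/clamav/freshclam.conf`. The RUN instruction starts above the hunk, so the exact placement depends on lines not shown here.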
@@ -1,14 +1,34 @@
 #!/bin/bash
-touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
-chown -R clamav:clamav /var/log/clamav/
 if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
- echo "SKIP_CLAMD=y, skipping ClamAV..."
- sleep 365d
- exit 0
+ echo "SKIP_CLAMD=y, skipping ClamAV..."
+ sleep 365d
+ exit 0
 fi
-freshclam -d &
-clamd &
+# Create log pipes
+touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
+mkfifo -m 600 /tmp/logpipe_clamd
+mkfifo -m 600 /tmp/logpipe_freshclam
+chown -R clamav:clamav /var/log/clamav/ /tmp/logpipe_*
+cat <> /tmp/logpipe_clamd 1>&2 &
+cat <> /tmp/logpipe_freshclam 1>&2 &
-tail -f /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
+# Prepare
+BACKGROUND_TASKS=()
+
+freshclam -d &
+BACKGROUND_TASKS+=($!)
+
+clamd &
+BACKGROUND_TASKS+=($!)
+
+while true; do
+ for bg_task in ${BACKGROUND_TASKS[*]}; do
+ if ! kill -0 ${bg_task} 1>&2; then
+ echo "Worker ${bg_task} died, stopping container waiting for respawn..."
+ kill -TERM 1
+ fi
+ sleep 10
+ done
+done
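Review bot: The pipe setup works as root on fixed names in world-writable /tmp and never checks `mkfifo`, so if anything already exists at those paths (a leftover from a previous start, or an entry placed by the unprivileged scanner user) `mkfifo` fails unnoticed and `chown -R clamav:clamav … /tmp/logpipe_*` re-owns whatever the glob matches, possibly through a symlink. I would recreate the pipes on every start and name them explicitly: `rm -f /tmp/logpipe_clamd /tmp/logpipe_freshclam` before the two `mkfifo` calls, then `chown -h clamav:clamav /tmp/logpipe_clamd /tmp/logpipe_freshclam`, keeping `chown -R clamav:clamav /var/log/clamav/` as its own line. A root-owned directory outside /tmp would be a stronger fix, but it also requires changing the paths the Dockerfile writes into the two .conf files. Separately, the two `cat <> … &` readers are not recorded in `BACKGROUND_TASKS`, so if one exits the daemon's log writes may block or fail without the watchdog loop noticing; tracking their PIDs the same way as the daemons would cover that.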