commit: 922d60f30560d89525a187f61ba10fa37aeaeae4
Author: Zurab Kvachadze <zurabid2016 <AT> gmail <DOT> com>
AuthorDate: Tue Sep 16 19:57:13 2025 +0000
Commit: Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Fri Oct 3 04:51:32 2025 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=922d60f3

www-server/nginx: revbump tmpfiles: /var/tmp/nginx -> /var/cache/nginx

In contrast to /var/tmp, /var/cache is only writable by root, so it should be more foolproof against possible exploitation. As previously, the cache directory's permissions are adjusted every time this tmpfiles.d config is read.

This new config deviates from the previous one's behaviour by only cleaning /var/cache/nginx on boot to not prune the temporary files of the running NGINX instance (e.g. on upgrade), if there is one running.

Bug: https://bugs.gentoo.org/962961
Signed-off-by: Zurab Kvachadze <zurabid2016 <AT> gmail.com>
Part-of: https://github.com/gentoo/gentoo/pull/43823
Signed-off-by: Sam James <sam <AT> gentoo.org>

www-servers/nginx/files/nginx-r1.tmpfiles | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/www-servers/nginx/files/nginx-r1.tmpfiles b/www-servers/nginx/files/nginx-r1.tmpfiles new file mode 100644 index 000000000000..eda6d705bbb2 --- /dev/null +++ b/www-servers/nginx/files/nginx-r1.tmpfiles @@ -0,0 +1,4 @@ +d /var/cache/nginx 0755 root root + +# Clean up the cache only on boot to not break running NGINX +e! /var/cache/nginx/ - - - 0
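
Review bot: On the `e! /var/cache/nginx/ - - - 0` line, the `!` modifier means systemd-tmpfiles only considers the line when it is run with `--boot`, while the age-based removal that `e` performs belongs to the `--clean` operation, so the cache is emptied only by an invocation that passes both. Please confirm that the boot-time tmpfiles run on the supported init systems includes `--clean`, and name that invocation in the comment above the line. If the boot run only does `--create --remove`, this line never removes anything and stale temporary files persist across reboots.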
