On Thu, Mar 21, 2019 at 1:08 PM Dominick Grift <dac.override@xxxxxxxxx> wrote:
>
> Petr Lautrbach <plautrba@xxxxxxxxxx> writes:
>
> > Nicolas Iooss <nicolas.iooss@xxxxxxx> writes:
> >
> >> On most distributions, /var/run is a symbolic link to /run so using
> >> /var/run or /run leads to the same result. Nevertheless systemd started
> >> to warn about using /var/run in a service file, logging entries such as:
> >>
> >>     /usr/lib/systemd/system/restorecond.service:8: PIDFile= references
> >>     path below legacy directory /var/run/, updating
> >>     /var/run/restorecond.pid → /run/restorecond.pid; please update the
> >>     unit file accordingly.
> >>
> >> Switch to /run in order to follow this advice.
> >>
> >> Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
> >
>
> There are other occurrences of "/var/run" tree-wide. Some more important
> than others: cd selinux; grep -r "/var/run" .

Are all distributions using /run instead of /var/run with a symlink from
/var/run to /run? For me, it is all right to move a PID file, which is
only shared between the service and the service manager, but moving
files such as the Unix socket /var/run/setrans/.setrans-unix could cause
issues on systems where /var/run and /run are different directories.

Also, policycoreutils/scripts/fixfiles currently contains:

    find /var/run \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon --no-dereference --reference /var/run {} \;

This command does not do anything useful when /var/run is a symlink
(either a slash needs to be added to the path, in order to use
/var/run, or /run needs to be specified too).

Right now I do not have much time to investigate how several
distributions configure their /run and /var/run directories (I am
writing a research paper related to Dell's iDRAC system, which appears
to be using SELinux since its version 9). If nobody else does this, I
plan to do this work in April.

Thanks,
Nicolas
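Added example, not part of the original message or of the SELinux userspace code: a constructed sandbox that reproduces the symlink behaviour described for the fixfiles find command. The function names (make_sandbox, count_visited, demo) and the temporary directory layout are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed layout: var/run is a symlink to ../run, mirroring the common
# distribution setup where /var/run -> /run.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/run/setrans" "$root/var"
    ln -s ../run "$root/var/run"
    : > "$root/run/restorecond.pid"
    : > "$root/run/setrans/.setrans-unix"
    printf '%s\n' "$root"
}

# Number of entries find visits from a starting point. find's default
# mode (-P) does not follow a symlink given as the starting point.
count_visited() {
    find "$1" | wc -l | tr -d ' '
}

demo() {
    root=$(make_sandbox) || return 1
    # Only the symlink itself is visited: nothing below it is examined,
    # so a relabeling pass starting here never sees the files in run/.
    echo "find var/run    visits $(count_visited "$root/var/run") entries"
    # A trailing slash makes path resolution follow the link first.
    echo "find var/run/   visits $(count_visited "$root/var/run/") entries"
    # Naming the real directory gives the same coverage.
    echo "find run        visits $(count_visited "$root/run") entries"
    # -H follows symlinks named on the command line only.
    echo "find -H var/run visits $(find -H "$root/var/run" | wc -l | tr -d ' ') entries"
    rm -rf "$root"
}

demo
```

The first count covers only the link itself, which is why a labeling sweep started at the symlink path leaves everything under the real directory untouched.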