On Sun, Jan 30, 2022 at 12:47 AM Daniel Farina <daniel@xxxxxx> wrote:
I am using SELinux enforced AlmaLinux, and am wondering where the customary place to put a ListenStream directive that is opening a unix socket should be.Old-school customarily, /tmp suffices, but SELinux blocks that: "init_t" is not allowed to create the socket there.Looking through definitions, /var/run/systemd is a place that systemd can create unix socket files, and indeed my prototype using this works, but I'm not sure if this is where they "belong."Does anyone have an opinion on this?
I'm not familiar with SELinux defaults, but the standard location for sockets has long been [/var]/run (with /run being the preferred spelling on Linux nowadays), and currently systemd has already been creating lots of sockets under /run in general – on my system I see /run/rpcbind.sock, /run/dmeventd-client, /run/avahi-daemon/socket, all of them created by pid1 through .socket units (see `systemctl list-sockets`) and not by the actual daemons themselves. This makes me assume that on distros with SELinux, the default policy would just allow systemd to do that.
Mantas Mikulėnas
