From: russell@coker.com.au (Russell Coker)
Date: Sun, 5 Mar 2017 16:06:29 +1100
Subject: [refpolicy] [PATCH] systemd-nspawn
In-Reply-To: <201703051541.06781.russell@coker.com.au>
References: <20170228110557.ck7x4ligazrhdnrx@athena.coker.com.au> <20170304122634.GA3913@t450.enp8s0.d30> <201703051541.06781.russell@coker.com.au>
Message-ID: <201703051606.29399.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 5 Mar 2017 03:41:06 PM Russell Coker wrote:
> Applications should use the canonical name which has been /run for some
> years now. We can have the subst entry in the upstream policy for a
> while to cater for this, but in the long term it should be removed. If
> there are any apps that do such lookups with /var/run then I think the
> correct thing to do is to have duplicate file_contexts entries for those
> few files rather than having a subst entry for the entire system. This
> means we know which things need to be fixed.

I've just filed Debian bug reports against mon, iodine, screen, and openssh
for having tmpfiles.d entries that used /var/run. I'll file more for any
other daemons that do it. I think we should all file bugs against packages
that use /var/run.

https://lists.fedoraproject.org/pipermail/devel/2011-March/150031.html

Above is the explanation of /run that describes changes made in Fedora 6
years ago! 6 years is more than enough time to complete the migration. If
it's not done yet it's a bug.

grep var/run /usr/lib/tmpfiles.d/*

The above command may show some bug reports you need to file. ;)

--
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/
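
A stricter form of the grep in the message above, as an added example that is not part of the original post: it reports only tmpfiles.d entries whose Path column sits under /var/run, so comments and look-alike paths such as /var/runtime are not flagged. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# tmpfiles.d lines have the form: Type Path Mode User Group Age Argument
# Report file:line:type path for entries whose Path is /var/run or below it.
find_var_run_entries() {
    dir=$1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue        # glob matched nothing, or not a file
        awk -v file="$f" '
            /^[ \t]*#/ || NF == 0 { next }    # skip comments and blank lines
            $2 == "/var/run" || index($2, "/var/run/") == 1 {
                printf "%s:%d:%s %s\n", file, NR, $1, $2
            }
        ' "$f"
    done
}

# Constructed sample input: one file still using /var/run, one already on /run.
make_sample() {
    cat > "$1/demo-old.conf" <<'EOF'
# pid directory used to live in /var/run/demo
d /var/run/demo 0755 root root -
f /var/run/demo.pid 0644 root root -
EOF
    cat > "$1/demo-new.conf" <<'EOF'
d /run/demo2 0755 root root -
d /var/runtime-demo 0755 root root -
EOF
}

# Stand-alone use: scan the directory given as $1, or the packaged defaults.
find_var_run_entries "${1:-/usr/lib/tmpfiles.d}"
```

Each reported line names the file and line number, which is what a bug report against the owning package needs.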