From: russell@coker.com.au (Russell Coker)
Date: Sun, 5 Mar 2017 16:06:29 +1100
Subject: [refpolicy] [PATCH] systemd-nspawn
In-Reply-To: <201703051541.06781.russell@coker.com.au>
References: <20170228110557.ck7x4ligazrhdnrx@athena.coker.com.au>
	<20170304122634.GA3913@t450.enp8s0.d30>
	<201703051541.06781.russell@coker.com.au>
Message-ID: <201703051606.29399.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, 5 Mar 2017 03:41:06 PM Russell Coker wrote:
> Applications should use the canonical name which has been /run for some
> years  now.  We can have the subst entry in the upstream policy for a
> while to cater for this, but in the long term it should be removed.  If
> there are any apps that do such lookups with /var/run then I think the
> correct thing to do is to have duplicate file_contexts entries for those
> few files rather than having a subst entry for the entire system.  This
> means we know which things need to be fixed.

I've just filed Debian bug reports against mon, iodine, screen, and openssh for 
having tmpfiles.d entries that used /var/run.  I'll file more for any other 
daemons that do it.

I think we should all file bugs against packages that use /var/run.

https://lists.fedoraproject.org/pipermail/devel/2011-March/150031.html

Above is the explanation of /run that describes changes made in Fedora 6 years 
ago!  6 years is more than enough time to complete the migration.  If it's not 
done yet it's a bug.

grep var/run /usr/lib/tmpfiles.d/*

The above command may show some bug reports you need to file.  ;)

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/