On Mon, Mar 12, 2018 at 9:28 AM, Paul W. Frields <stickster(a)gmail.com> wrote:
The introduction of non-persistent /run has apparently created an
issue where some RPM packages raise verification issues depending on
the umask present when a process from that package starts. The issue
is further explained in a tracking bug here:
https://bugzilla.redhat.com/show_bug.cgi?id=1553916
Please don't link bugs no one can read.
While arguably not a showstopper for Fedora, it's certainly an
annoyance to have RPMs not verify post-installation when a packaged
service is started. This situation's also potentially harmful
downstream to RHEL. It means that customers who have to go through
audit processes for STIG[1] compliance will get dinged (even if
explainable) for this packaging issue.
Note that in the tracking bug above, there's a reference to a specific
example which was fixed appropriately for resource-agents:
https://bugzilla.redhat.com/show_bug.cgi?id=1462802
Would packaging folks agree that it's worth fixing files not using
tmpfiles.d (
https://fedoraproject.org/wiki/Packaging:Tmpfiles.d) to do
so?
Regardless of the bugs no one can read, I agree moving to tmpfiles.d
files makes sense.
--
真実はいつも一つ!/ Always, there's only one truth!