[HEADS-UP] Moving /var/run and /var/lock to tmpfs in Rawhide

Paul Howarth paul at city-fan.org
Tue Nov 30 09:56:18 UTC 2010


On 30/11/10 08:38, Toshio Kuratomi wrote:
> On Tue, Nov 30, 2010 at 03:11:43AM -0500, Akira TAGOH wrote:
>> | 2) The act of installing the rpm should create the necessary directories.
>> | Alternately, the program (or as you say, the init script) can create the
>> | necessary directories.  Note that I don't believe that systemd gives you the
>> | flexibility to do that sort of thing (there's no "script" in its init stuff)
>> | so you'd need a wrapper script for the program itself or write a patch to
>> | the program itself to achieve this where the program doesn't create the
>> | directory already and if we don't do this from within the rpm payload.
>>
>> To get this working on SELinux, are we presuming that restorecond is running on the system or does the package maintainer need to take care of running restorecon manually in the script or the program?
>>
> I thought Lennart mentioned something about SELinux and tmpfiles.d defined
> directories but I could be misremembering.

Files/directories created as a result of tmpfiles.d entries will have 
the correct SELinux contexts.

Files/directories created by an initscript will probably need to have 
restorecon run on them to set the correct context (which of course can 
be done in the initscript).

Files/directories created at startup by a daemon may or may not have the 
correct SELinux contexts depending on whether the necessary transition 
rules are in the policy. If they're not set correctly, it would be a 
good idea to raise a bug on selinux-policy to address that.

Paul.
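
The initscript case described above, as an added example that is not part of the original message: a helper that recreates a runtime directory on a tmpfs-backed /var/run and relabels it with restorecon when SELinux is enabled. The daemon name "mydaemon" and the function name ensure_rundir are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical initscript helper, not code from the thread.
# With /var/run on tmpfs the directory is gone after every boot, so the
# initscript has to recreate it and then fix its SELinux label itself.
#
# The tmpfiles.d alternative is a single configuration line such as
#   d /var/run/mydaemon 0755 root root -
# and needs no relabel step in the initscript.

# ensure_rundir DIR MODE [OWNER:GROUP]
ensure_rundir() {
    dir=$1; mode=$2; owner=${3:-}

    # Create the directory with its final mode rather than relying on umask;
    # if it already exists (restart without reboot), just enforce the mode.
    if [ ! -d "$dir" ]; then
        mkdir -m "$mode" "$dir" || return 1
    else
        chmod "$mode" "$dir" || return 1
    fi

    # Ownership change is optional and needs root.
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" || return 1
    fi

    # A directory made by the initscript inherits a context from its parent
    # and creator, which may not be the one policy expects for the daemon.
    # Relabel only when SELinux is enabled and the tools are installed.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled &&
       command -v restorecon >/dev/null 2>&1; then
        restorecon -R "$dir" || return 1
    fi
    return 0
}

# Typical call from the start) branch of an initscript (run as root):
#   ensure_rundir /var/run/mydaemon 0755 mydaemon:mydaemon
```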

