[apparmor] [PATCH] remove /var/run alternations in favor of /run

Christian Boltz apparmor at cboltz.de
Fri Sep 15 17:58:00 UTC 2017


On Friday, 15 September 2017, 15:19:24 CEST, Jamie Strandboge wrote:
> Description: remove /{,var/}run, /{var/,}run and {var/run,run}
> alternations in favor of /run. This migration happened
> cross-distribution in late 2011 when the compatibility symlink for
> /var/run -> /run was introduced.

It's not a symlink everywhere ;-)

On openSUSE Tumbleweed (at least on my system):

# mount |grep run |grep -v /user/
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /var/run type tmpfs (rw,nosuid,nodev,mode=755)

It's a bind mount, so the content of both directories is exactly the 

This means depending on what the application uses (/var/run/ or /run/), 
both paths are possible.

Interestingly, rpm -qlv filesystem says
    lrwxrwxrwx    1 root    root      4 Jun 23 09:22 /var/run -> /run
so new installations probably get the symlink, but existing 
installations seem to keep the bind mount. This means we'll probably see 
the bind mount for quite a while ;-)

> References:
> https://lists.ubuntu.com/archives/apparmor/2017-April/010724.html

That was about adding new rules where we really should only use /run/.

However, for existing profiles, blindly removing /var/run/ will break if 
a program opens /var/run/whatever instead of /run/whatever and /var/run/ 
is a bind mount. For example, grepping through the dovecot sources gives 
me several matches for /var/run/. I also get matches for /run/ - no idea 
which of them is really used, I'd guess "probably both" ;-)


Christian Boltz
> Can one say that for all MUAs?
No, probably not.  There are terminally ill ones, sick ones (which proper
configuration makes healthy again) and healthy MUAs.
[> Ratti and Mathias Bauer in suse-linux]
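
Added example, not part of the original message or of the AppArmor project's tooling: a shell check that reads `mount` output to see whether /var/run is its own mount point (the bind-mount case described above) and, if so, lists the profile rules that name only /run/. The function names, the profile fragment and its paths are hypothetical; the first mount sample repeats the two lines quoted in the message.

```shell
#!/bin/sh
# Added example: find AppArmor rules that lose /var/run/ coverage when
# /var/run is a separate mount instead of a symlink to /run.

# Mount lines as quoted in the message (bind-mount layout).
SAMPLE_MOUNTS='tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /var/run type tmpfs (rw,nosuid,nodev,mode=755)'

# Constructed: layout where /var/run is only a symlink, so it has no mount entry.
SAMPLE_SYMLINK_MOUNTS='tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)'

# Constructed, hypothetical profile fragment.
SAMPLE_PROFILE='  # hypothetical profile fragment
  /run/example/auth-client rw,
  /{,var/}run/example/login/ r,
  owner /run/example/*.pid w,
  /var/run/example/stats rw,'

# Reads `mount` output on stdin; succeeds if /var/run is a mount point.
# On a live system: mount | var_run_is_mount
var_run_is_mount() {
    awk '$2 == "on" && $3 == "/var/run" { found = 1 } END { exit !found }'
}

# Reads profile text on stdin; prints non-comment rules whose path starts
# with /run/ and therefore does not match the same file under /var/run/.
run_only_rules() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i <= NF; i++) if ($i ~ /^\/run\//) { print; break } }'
}

# $1 = mount output, $2 = profile text. Prints the rules at risk, or
# nothing when /var/run is not a separate mount.
at_risk_rules() {
    if printf '%s\n' "$1" | var_run_is_mount; then
        printf '%s\n' "$2" | run_only_rules
    fi
}

echo "Rules at risk with the bind-mount layout:"
at_risk_rules "$SAMPLE_MOUNTS" "$SAMPLE_PROFILE"
```
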