[apparmor] [PATCH] remove /var/run alternations in favor of /run

Jamie Strandboge jamie at canonical.com
Fri Sep 15 18:08:15 UTC 2017

On Fri, 2017-09-15 at 19:58 +0200, Christian Boltz wrote:
> Hello,
> Am Freitag, 15. September 2017, 15:19:24 CEST schrieb Jamie Strandboge:
> > Description: remove /{,var/}run, /{var/,}run and {var/run,run}
> > alternations in favor of /run. This migration happened
> > corss-distribution in late 2011 when the compatibility symlink for
> > /var/run -> /run was introduced.
> It's not a symlink everywhere ;-)
> On openSUSE Tumbleweed (at least on my system):
> # mount |grep run |grep -v /user/
> tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
> tmpfs on /var/run type tmpfs (rw,nosuid,nodev,mode=755)
> It's a bind mount, so the content of both directories is exactly the 
> same.
> This means depending on what the application uses (/var/run/ or /run/), 
> both paths are possible.
> Interestingly, rpm -qlv filesystem says
>     lrwxrwxrwx    1 root    root      4 Jun 23 09:22 /var/run -> /run
> so new installations probably get the symlink, but existing 
> installations seem to keep the bind mount. This means we'll probably see 
> the bind mount for quite a while ;-)
> > References:
> > https://lists.ubuntu.com/archives/apparmor/2017-April/010724.html
> That was about adding new rules where we really should only use /run/.

The only reason why I did this patch is because every time I add a new rule with
/{,var/}run I'm asked about why I am doing that. :P

If there are systems out there with both, then I don't see how we could
reasonably pick and choose which rules use only /run and which don't (with the
possible exception of systemd, which came up on the list that it will always use
/run) since these are going to be distro-specific and not all distros that use
AppArmor participate on this list. I would therefore propose this patch be
NAKed, we always use /{,var/}run when using /run and stop debating the issue.

Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20170915/72cdc05b/attachment.sig>

More information about the AppArmor mailing list