[Pkg-utopia-maintainers] Bug#783321: D-Bus system bus socket /run vs. /var/run [was: more issues]

Simon McVittie smcv at debian.org
Wed Mar 22 09:58:30 UTC 2017


Please try to use a subject line that doesn't require commenters on a
bug to remember what a bug number refers to.

On Tue, 21 Mar 2017 at 23:49:05 +1100, Russell Coker wrote:
> When a program like systemd creates a file and checks the SE Linux 
> file_contexts for the initial context it will be based on the path used.  So 
> when systemd uses a path with /var/run we need a file contexts entry for that 
> as well as for the /run version.
> 
> In the past we have had a subst entry making /var/run and /run equivalent but 
> we are moving away from that to having direct entries for the paths used.
> 
> As /var/run is a symlink to /run in regard to Unix permissions there's no 
> reason to stick with the /var/run name.

/var/run/dbus/system_bus_socket is the canonical form of the system socket's
path, used in numerous distributions since before /run was invented. I'm
reluctant to change it on the basis of which of several equivalent forms one
particular LSM wants to see, because if some other LSM with behaviour
analogous to SELinux is the other way round (expects /var/run and does the
wrong thing when given /run), how would we resolve that? In the absence
of a compelling reason to choose one over the other, staying the same
wins over changing anything.

If SELinux policies care about this distinction even though the actual
file is (on any reasonable system) the same inode, then I think the onus
is on the SELinux policies to be written to cope with both.

    S
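
A simplified model of the path-based lookup this thread is about, added here as an illustration and not part of the original message or of any shipped SELinux policy. The entries, the alias pair and the label names are constructed, and "longest literal prefix wins" is an assumed simplification of the real libselinux ordering.

```python
import re

# Constructed entries in file_contexts style: (path regex, label).
# Label names are illustrative assumptions, not taken from the thread.
DBUS = "system_u:object_r:system_dbusd_var_run_t:s0"
FILE_CONTEXTS = [
    (r"/run/dbus(/.*)?", DBUS),
    (r"/run(/.*)?", "system_u:object_r:var_run_t:s0"),
    (r"/var(/.*)?", "system_u:object_r:var_t:s0"),
]

# Option 1 (the "subst entry"): treat /var/run as an alias of /run.
SUBST = [("/var/run", "/run")]

# Option 2 (the "direct entries"): spell out the /var/run form as well.
DIRECT = FILE_CONTEXTS + [(r"/var/run/dbus(/.*)?", DBUS)]


def apply_subst(path, subst):
    """Rewrite an aliased prefix, matching whole path components only."""
    for alias, target in subst:
        if path == alias or path.startswith(alias + "/"):
            return target + path[len(alias):]
    return path


def stem_len(regex):
    """Length of the literal prefix before the first regex metacharacter."""
    m = re.search(r"[.^$?*+|\[\](){}\\]", regex)
    return m.start() if m else len(regex)


def lookup(path, contexts, subst=()):
    """Label of the most specific entry matching the path *string*, or None."""
    path = apply_subst(path, subst)
    hits = [(stem_len(rx), label) for rx, label in contexts
            if re.fullmatch(rx, path)]
    return max(hits, key=lambda h: h[0])[1] if hits else None


if __name__ == "__main__":
    sock = "/var/run/dbus/system_bus_socket"
    print("no alias handling:", lookup(sock, FILE_CONTEXTS))
    print("with subst       :", lookup(sock, FILE_CONTEXTS, SUBST))
    print("with direct entry:", lookup(sock, DIRECT))
```

The first lookup falls through to the generic `/var` entry because the match is on the path text and no symlink is resolved, which is the mislabelling case; either the alias or the extra direct entry yields the same label as the `/run` form.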


