Closed stridge-cruxml closed 9 months ago
I think systemd might be able to create it during startup: RuntimeDirectory=fapolicyd If that works, we can add it to the service file.
The RHEL version of fapolicyd does this.
On Thu, Aug 3, 2023 at 5:57 PM Steve Grubb @.***> wrote:
I was thinking systemd might be able to create it during startup: RuntimeDirectory=fapolicyd If that works, we can add it to the service file.
OK, I added it to the service file.
Ah that makes sense! Thanks!
Ubuntu deletes this on reboot it seems.
/run is typically a tmpfs mount - there's no way for it to persist through reboots; this is buggy behaviour worked around by the systemd service definition.
Edit: To be clear, this is bad because we cannot always rely on the user starting fapolicyd via the systemd unit - the README instructs users to test by calling the binary directly which will always fail unless the user takes manual action. The linked PR addresses this behaviour.
This can be closed since a patch was merged that should address this.
The directory /run/fapolicyd/ is not created if it doesn't exist and results in a crash on startup. Ubuntu deletes this on reboot it seems.
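As the thread notes, /run is a tmpfs, so a daemon started outside its systemd unit cannot assume /run/fapolicyd/ exists. The sketch below is an added example, not fapolicyd's code or the merged patch: it creates a runtime directory when it is missing and refuses a pre-existing path that is a symlink, owned by someone else, or world-writable. The helper name `ensure_runtime_dir()` and the demo path are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Ensure `path` exists as a real directory owned by the caller and not
 * writable by "other". Returns 0 on success, -1 on failure (errno set).
 * Hypothetical helper for illustration; not a fapolicyd function.
 */
int ensure_runtime_dir(const char *path, mode_t mode)
{
    struct stat st;

    /* Fresh directory: the umask can only remove permission bits. */
    if (mkdir(path, mode) == 0)
        return 0;
    if (errno != EEXIST)
        return -1;          /* e.g. ENOENT (no parent) or EACCES */

    /* Something is already there: lstat() so a symlink is not followed. */
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode)) {
        errno = ENOTDIR;    /* symlink, regular file, socket, ... */
        return -1;
    }
    if (st.st_uid != geteuid() || (st.st_mode & S_IWOTH)) {
        errno = EPERM;      /* another user could plant files in it */
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed demo path; a daemon would pass its own /run directory. */
    const char *dir = "/tmp/example-runtime-dir";

    if (ensure_runtime_dir(dir, 0770) != 0) {
        perror(dir);
        return 1;
    }
    printf("%s is ready\n", dir);
    return 0;
}
```

Calling such a helper before the daemon opens any file under its runtime directory keeps a direct invocation of the binary working after a reboot, with or without `RuntimeDirectory=` in the unit.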