linux-application-whitelisting / fapolicyd

File Access Policy Daemon
GNU General Public License v3.0

Crash on ubuntu on reboot due to /run/fapolicyd/fapolicyd.fifo #258

Closed stridge-cruxml closed 9 months ago

stridge-cruxml commented 1 year ago

The directory /run/fapolicyd/ is not created if it doesn't exist and results in a crash on startup. Ubuntu deletes this on reboot it seems.

stevegrubb commented 1 year ago

I think systemd might be able to create it during startup:

RuntimeDirectory=fapolicyd

If that works, we can add it to the service file.

wjhunter3 commented 1 year ago

The RHEL version of fapolicyd does this.

On Thu, Aug 3, 2023 at 5:57 PM Steve Grubb @.***> wrote:

> I was thinking systemd might be able to create it during startup:
>
> RuntimeDirectory=fapolicyd
>
> If that works, we can add it to the service file.


stevegrubb commented 1 year ago

OK, I added it to the service file.

stridge-cruxml commented 1 year ago

Ah that makes sense! Thanks!

Kangie commented 10 months ago

> Ubuntu deletes this on reboot it seems.

/run is typically a tmpfs mount - there's no way for it to persist through reboots; this is buggy behaviour worked around by the systemd service definition.

Edit: To be clear, this is bad because we cannot always rely on the user starting fapolicyd via the systemd unit - the README instructs users to test by calling the binary directly which will always fail unless the user takes manual action. The linked PR addresses this behaviour.
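Added example, not part of the thread and not fapolicyd's code or the linked PR: one way a daemon that is started directly, without systemd's RuntimeDirectory=, can create its runtime directory and FIFO itself and verify what is already there. The function names and the 0770/0660 modes are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create dir if it is missing, then check what is actually there: it must be
 * a real directory (not a symlink), owned by us, and not world-writable. */
int ensure_runtime_dir(const char *dir, mode_t mode)
{
    struct stat st;
    if (mkdir(dir, mode) != 0 && errno != EEXIST)
        return -1;
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid() ||
        (st.st_mode & S_IWOTH)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Make sure dir/name exists as a FIFO, creating the directory first. */
int ensure_fifo(const char *dir, const char *name)
{
    struct stat st;
    int rc, dfd;
    if (ensure_runtime_dir(dir, 0770) != 0)   /* mode is an assumption */
        return -1;
    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    rc = mkfifoat(dfd, name, 0660);           /* mode is an assumption */
    if (rc != 0 && errno == EEXIST)           /* left over from an earlier run */
        rc = (fstatat(dfd, name, &st, AT_SYMLINK_NOFOLLOW) == 0 &&
              S_ISFIFO(st.st_mode)) ? 0 : -1;
    close(dfd);
    return rc;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : "/run/fapolicyd";
    if (ensure_fifo(dir, "fapolicyd.fifo") == 0)
        return 0;
    perror(dir);
    return 1;
}
```

With no argument it uses the path from the issue title, which needs privileges to write under /run; pass another directory to try it unprivileged.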

stevegrubb commented 9 months ago

This can be closed since a patch was merged that should address this.