Description of problem:
/usr/lib/tmpfiles.d/pam.conf references /var/run instead of /run.
This can cause issues in some scenarios and there really is no reason to keep using the old /var/run.

Version-Release number of selected component (if applicable):
pam-1.3.0-10.fc28.x86_64

How reproducible:
Install an SELinux policy that does not support legacy "/var/run".
systemd-tmpfiles will interpret /usr/lib/tmpfiles.d/pam.conf.
systemd-tmpfiles' SELinux awareness will try to determine the label to create the files in pam.conf with.
The determined label is not allowed to associate with the tmpfs filesystem mounted on /run.

The /var/run symlink is really only there for scenarios where there is no other option (API compatibility). All other use-cases should just use "/run" directly. The goal is to, one day, migrate away from "/var/run", but if everyone keeps using "/var/run" because of habit then it might never happen.
The problem is that the /var/run path is hardcoded in multiple PAM modules, so just changing the tmpfiles PAM config would just make the thing inconsistent. We would need to patch all the uses of /var/run in PAM together with the pam.conf, and that is not that trivial and should preferably be done upstream.
Thanks. Yes, if this, arguably small, inconsistency bothers you then I suppose I can understand why you are hesitant to change the tmpfiles snippet. But on the other hand, it's just that tmpfiles snippet, which is Fedora specific I suppose. The tmpfiles snippet causes issues due to the way systemd-tmpfiles processes it (it is interpreted by systemd-tmpfiles, and systemd-tmpfiles makes decisions based on it). Those decisions might in turn then force a "/var/run" dependency on other components like SELinux policy.
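An added example, not part of the bug report or of PAM: a POSIX shell audit that lists tmpfiles.d entries whose path field still sits under the legacy /var/run symlink and shows the /run path each would become. The function names and the sample snippet are constructed for illustration, and the parser assumes unquoted paths without spaces.

```shell
#!/bin/sh
# Added example: audit tmpfiles.d snippets for paths under legacy /var/run.
# Assumption: path fields are unquoted and contain no whitespace.

# find_legacy_run DIR...
# Prints "file:line: TYPE old-path -> new-path" for every offending entry.
find_legacy_run() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for f in "$dir"/*.conf; do
            [ -f "$f" ] || continue
            awk -v file="$f" '
                /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
                # Field 1 is the entry type, field 2 the path.
                $2 == "/var/run" || $2 ~ /^\/var\/run\// {
                    new = $2
                    sub(/^\/var\/run/, "/run", new)
                    printf "%s:%d: %s %s -> %s\n", file, NR, $1, $2, new
                }' "$f"
        done
    done
}

# demo: run the audit over a constructed snippet (not the real pam.conf).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/sample.conf" <<'EOF'
# constructed sample entries
d /var/run/example-a 0755 root root -
d /run/example-b 0755 root root -
f /var/run/example-c/state 0600 root root -
# d /var/run/commented-out 0755 root root -
EOF
    find_legacy_run "$tmp"
    rm -rf "$tmp"
}

# When given directories as arguments, audit them, e.g.:
#   sh audit.sh /usr/lib/tmpfiles.d /etc/tmpfiles.d
if [ "$#" -gt 0 ]; then
    find_legacy_run "$@"
fi
```

Entries it reports are the ones where systemd-tmpfiles would compute a label for a /var/run path, which is the case the reporter describes failing under a policy without legacy /var/run support.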
*** Bug 1471488 has been marked as a duplicate of this bug. ***
pam-1.3.1-7.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-3c0aaeaf9b
pam-1.3.1-7.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2c01c0a06
pam-1.3.1-8.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-3c0aaeaf9b
pam-1.3.1-8.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2c01c0a06
pam-1.3.1-8.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
pam-1.3.1-8.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.