Hello,

Additionally to what wavexx reported, the systemd unit file is also
pointing PIDFile= inside the deprecated /var/run instead of /run. The
init script is also pointing to that directory.

I'm reporting this here since it's related to why that tmpfiles line
exists. However, this would imply a change upstream.

I suggest the following changes to the upstream files. Arguably,
though, many lines of Python code also reference /var/run and should be
changed, too.

-------------8<----------------8<-------------
--- a/files/fail2ban.service.in 2019-03-17 01:12:08.000000000 -0400
+++ b/files/fail2ban.service.in 2019-03-17 01:08:05.339634130 -0400
@@ -6,13 +6,13 @@

 [Service]
 Type=simple
-ExecStartPre=/bin/mkdir -p /var/run/fail2ban
 ExecStart=@BINDIR@/fail2ban-server -xf start
 # if should be logged in systemd journal, use following line or set
logtarget to sysout in fail2ban.local
 # ExecStart=@BINDIR@/fail2ban-server -xf --logtarget=sysout start
 ExecStop=@BINDIR@/fail2ban-client stop
 ExecReload=@BINDIR@/fail2ban-client reload
-PIDFile=/var/run/fail2ban/fail2ban.pid
+RuntimeDirectory=fail2ban
+PIDFile=/run/fail2ban/fail2ban.pid
 Restart=on-failure
 RestartPreventExitStatus=0 255
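Review bot: `RuntimeDirectory=fail2ban` is added without a `RuntimeDirectoryMode=`, so /run/fail2ban is created with systemd's default mode of 0755. The directory holds the pid file named on the next line and, judging by the init script's comment, the control socket, so the mode is worth stating explicitly, e.g. `RuntimeDirectoryMode=0755` if the default is intended, or a tighter value if only the service needs to list it. systemd also removes a RuntimeDirectory when the service stops, which presumably makes the tmpfiles line discussed in this report redundant on systemd installs. A comment above the directive such as `# systemd creates /run/fail2ban at start and removes it at stop` would record that. The [Service] section may continue past the end of this hunk.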

--- a/files/debian-initd        2019-03-17 01:12:08.000000000 -0400
+++ b/files/debian-initd        2019-03-17 01:14:18.993738399 -0400
@@ -34,7 +34,7 @@
 # Ad-hoc way to parse out socket file name
 SOCKFILE=`grep -h '^[^#]*socket *=' /etc/$NAME/$NAME.conf
/etc/$NAME/$NAME.local 2>/dev/null \
           | tail -n 1 | sed -e 's/.*socket *= *//g' -e 's/ *$//g'`
-[ -z "$SOCKFILE" ] && SOCKFILE='/var/run/fail2ban.sock'
+[ -z "$SOCKFILE" ] && SOCKFILE='/run/fail2ban.sock'

 # Exit if the package is not installed
 [ -x "$DAEMON" ] || exit 0
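Review bot: The fallback on the changed line, `SOCKFILE='/run/fail2ban.sock'`, keeps the socket directly in /run, while the next hunk of this file creates /run/fail2ban and chowns it so that "the socket directory" is writable by a non-root FAIL2BAN_USER. The two paths disagree, and a non-root daemon could not create a socket in root-owned /run if this fallback were ever the path actually used. Since the line is being touched anyway, `[ -z "$SOCKFILE" ] && SOCKFILE='/run/fail2ban/fail2ban.sock'` looks like the intended value. How SOCKFILE is consumed lies outside this hunk, so this should be confirmed against the server's own default socket path.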
@@ -109,13 +109,13 @@
                DAEMON_ARGS="$DAEMON_ARGS -x"
        fi

-       # Assure that /var/run/fail2ban exists
-       [ -d /var/run/fail2ban ] || mkdir -p /var/run/fail2ban
+       # Assure that /run/fail2ban exists
+       [ -d /run/fail2ban ] || mkdir -p /run/fail2ban

        if [ "$FAIL2BAN_USER" != "root" ]; then
                # Make the socket directory, IP lists and fail2ban log
                # files writable by fail2ban
-               chown "$FAIL2BAN_USER" /var/run/fail2ban
+               chown "$FAIL2BAN_USER" /run/fail2ban
                # Create the logfile if it doesn't exist
                touch /var/log/fail2ban.log
                chown "$FAIL2BAN_USER" /var/log/fail2ban.log
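Review bot: The directory created by `mkdir -p /run/fail2ban` gets whatever mode the init script's inherited umask yields, and is then handed to `$FAIL2BAN_USER` by a `chown` whose exit status is not checked. An explicit mode, `[ -d /run/fail2ban ] || mkdir -p -m 0755 /run/fail2ban`, would make the permissions on the pid/socket directory deterministic and match what `RuntimeDirectory=` yields by default in the unit file. Unless the script runs under `set -e` (not visible here), a failed `chown` on the directory or on /var/log/fail2ban.log goes unnoticed, and the daemon would start with ownership that does not match the configured user. The enclosing function starts and ends outside this hunk.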
