On Sun, Jan 30, 2022 at 12:47 AM Daniel Farina <dan...@fdr.io> wrote:
> I am using SELinux enforced AlmaLinux, and am wondering where the
> customary place to put a ListenStream directive that is opening a unix
> socket should be.
>
> Old-school customarily, /tmp suffices, but SELinux blocks that: "init_t"
> is not allowed to create the socket there.
>
> Looking through definitions, /var/run/systemd is a place that systemd can
> create unix socket files, and indeed my prototype using this works, but I'm
> not sure if this is where they "belong."
>
> Does anyone have an opinion on this?

I'm not familiar with SELinux defaults, but the standard location for sockets has long been [/var]/run (with /run being the preferred spelling on Linux nowadays), and currently systemd has already been creating lots of sockets under /run in general – on my system I see /run/rpcbind.sock, /run/dmeventd-client, /run/avahi-daemon/socket, all of them created by pid1 through .socket units (see `systemctl list-sockets`) and not by the actual daemons themselves. This makes me assume that on distros with SELinux, the default policy would just allow systemd to do that.

-- 
Mantas Mikulėnas
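A .socket/.service pair that puts the unix socket under /run and lets pid1 create it, as an added example that is not part of this thread; the unit names, the example-app user and group, the socket path and the binary path are all assumptions.

```ini
# /etc/systemd/system/example-app.socket  (assumed unit name)
[Unit]
Description=Example app listener (socket under /run, created by pid1)

[Socket]
# Keep the socket under /run, not /tmp: pid1 creates it there, and
# the parent directory is created automatically if it is missing.
ListenStream=/run/example-app/example-app.sock
DirectoryMode=0755
# The socket file's owner and mode are the access control for clients.
SocketUser=example-app
SocketGroup=example-app
SocketMode=0660
# Remove the stale socket file when the unit stops.
RemoveOnStop=yes

[Install]
WantedBy=sockets.target

# /etc/systemd/system/example-app.service  (assumed unit name)
[Unit]
Description=Example app
Requires=example-app.socket
After=example-app.socket

[Service]
# The daemon runs unprivileged; it never creates the socket itself but
# inherits the already-listening fd from the .socket unit (sd_listen_fds).
User=example-app
Group=example-app
ExecStart=/usr/local/bin/example-app --systemd-socket
NonBlocking=yes
```

After `systemctl daemon-reload && systemctl enable --now example-app.socket`, the path should appear in `systemctl list-sockets`, and `ls -Z /run/example-app/` shows the SELinux label pid1 gave the socket file.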