Comments in the shipped AppArmor profile state that fwknopd is assumed
to be built with 'localstatedir=/var', which is misleading for several
reasons:
* AppArmor profile assumes that fwknopd's pidfile and digest cache are
under /run/fwknop by the looks of it, i.e. 'localstatedir' is '/run'.
* By default these files are placed under /var/run/fwknop. Thus this
profile implicitly relies on the existence of '/var/run -> /run' symlink
and won't work otherwise when 'localstatedir' is '/var'
Since GitHub PR#152 was merged, 'localstatedir' can be simply set to
'/run' for AppArmor users to avoid this confusion. This changeset does
it.
If anyone had it working before, they should have it working now as the
shipped AppArmor profile required /run existence before as well.
This commit fixes the following warning during compilation on Mac OS X:
gcc -DHAVE_CONFIG_H -I. -I.. -I ../lib -I ../common -DSYSCONFDIR=\"/etc\" -DSYSRUNDIR=\"/var\" -g -O2 -Wall -Wformat -Wformat-security -fstack-protector-all -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -MT fwknopd-incoming_spa.o -MD -MP -MF .deps/fwknopd-incoming_spa.Tpo -c -o fwknopd-incoming_spa.o `test -f 'incoming_spa.c' || echo './'`incoming_spa.c
incoming_spa.c:736:23: warning: absolute value function 'abs' given an argument of
type 'long' but has parameter of type 'int' which may cause truncation of
value [-Wabsolute-value]
ts_diff = abs(now_ts - spadat.timestamp);
^
incoming_spa.c:736:23: note: use function 'labs' instead
ts_diff = abs(now_ts - spadat.timestamp);
^~~
labs
1 warning generated.
Having extra '/run' subdirectory hardcoded into paths used for options
'digest-file', 'pid-file', 'run-dir' is counterintuitive and can lead to
bogus directory layouts when 'localstatedir' differs from the default
value.
For example, if 'localstatedir' is set to '/run', which is a common and
recommended substitute for /var/run in many distros nowadays, then
fwknop files will be placed under /run/run/fwknop.
This changeset removes extra '/run' subdirectory from all relevant paths
by changing DEF_RUN_DIR. Default value of 'localstatedir' is changed to
'/var/run' so users who relied on the previous behaviour won't have to
bother changing anything.
This is tested and works. Gentoo have this patch applied since 2.6.0.
