Move /var/run fc entries to /run

ca-hu · ca-hu · commit b7d69e4c048b · 2024-04-11T12:28:59.000+02:00
/var/run is a symlink to /run in microos.

Currently the selinux-policy package has a rule for file contexts
from /run/&lt;file&gt; to use the same file context specified in /var/run/&lt;file&gt;.

The upcoming main selinux-policy package update will change the direction
of that "forwarding", so /var/run will follow the rules in /run.
This way, the file context entries will match the actual filesystem path.

All existing file context entries in custom modules
based on the /var/run path need to change to /run, otherwise there is no rule
for /var/run entries to "be forwarded to" in /run.

Signed-off-by: Cathy Hu &lt;cahu@suse.de&gt;
diff --git a/policy/microos/k3s.fc b/policy/microos/k3s.fc
@@ -23,5 +23,5 @@
 /var/lib/rancher/k3s/data/[^/]*/bin/runc                        --  gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /var/lib/rancher/k3s/data/[^/]*/etc(/.*)?                           gen_context(system_u:object_r:container_config_t,s0)
 /var/lib/rancher/k3s/storage(/.*)?                                  gen_context(system_u:object_r:container_file_t,s0)
-/var/run/k3s(/.*)?                                                  gen_context(system_u:object_r:container_var_run_t,s0)
-/var/run/k3s/containerd/[^/]*/sandboxes/[^/]*/shm(/.*)?             gen_context(system_u:object_r:container_runtime_tmpfs_t,s0)
+/run/k3s(/.*)?                                                      gen_context(system_u:object_r:container_var_run_t,s0)
+/run/k3s/containerd/[^/]*/sandboxes/[^/]*/shm(/.*)?                 gen_context(system_u:object_r:container_runtime_tmpfs_t,s0)
