/var/run/keylime is deleted when system is rebooted #1025
Comments
Hi @sergio-correia, I think you have already applied a fix for this one, didn't you?
Not yet, it's waiting for the next update, which should happen... soon(tm). I was waiting for a new release to be tagged with the recent fixes, but if one will not happen very soon, I will go ahead and update it with this fix anyway. @mpeters: do we expect a new release soon?
Yes, I'm going through the current outstanding PRs to see if they are ready or close to it. Expect a new version soon.
@sergio-correia Any update?
This was fixed in Fedora with release 6.4.2. Are you still experiencing the issue?
We have a workaround in place so we are not experiencing it. I was thinking about removing it but then saw this issue still being open. Has this been addressed in the upstream keylime install script?
It seems this issue is still not fixed upstream. In Fedora this is addressed with
The systemd way is probably the most distribution-agnostic way to fix this. Can you make a PR for that, one that creates that file if you install the systemd services?
It seems that sharing one directory between multiple services is not a good idea
The verifier and the IMA emulator service use it, so we can move the IMA emulator service to another dir and only use
So we would also need a new service file for IMA emulator. |
Maybe, it currently runs as root and can just create its path. |
We are going to remove the IMA emulator with 7.0.0, so then we definitely only need it for the server components. |
Is your issue a feature request? If so, please raise it as an enhancement
Environment
Description
/var/run/keylime is removed with reboot since systemd manages /var/run content. This leads to
Is /var/run/keylime used only by the revocation notifier which is started by the verifier, or is it also used by the one that is started by the keylime agent? If it is only the verifier that is using it, then it would probably be enough to define it in the verifier unit file. However, if the usage is more complex, then we should probably use tmpfiles.d configuration, since when using the approach above /var/run/keylime is removed when the verifier is stopped.
I have configured tmpfiles.d like this:
Expected behavior vs. actual behavior
No traceback. /var/run/keylime is managed by systemd.
Steps to reproduce problem