From 92d51a26b979564beffd158b90123174325513f6 Mon Sep 17 00:00:00 2001
From: Josh Triplett
Date: Fri, 1 Apr 2011 20:22:45 -0700
Subject: [PATCH] Make /run and /run/lock (and thus /var/run and /var/lock) world-writable and sticky

/var/lock normally has mode 1777, so that users can create lockfiles but cannot remove each others' lockfiles. (For instance, programs using serial devices normally create lockfiles in /var/lock, even though those programs do not run as root.) Thus, make /run/lock 1777 as well, to preserve this.

/var/run should have mode 1777 as well, so that daemons running as non-root users can create their sockets there. This helps both daemons which start as root and drop privilege later (now they can drop privilege sooner) and daemons which run as an ordinary user in the first place and currently have to create their sockets in /tmp (gnome-keyring, authentication agents, gvfs).

Signed-off-by: Josh Triplett
---
 src/mount-setup.c | 2 +-
 tmpfiles.d/systemd.conf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/mount-setup.c b/src/mount-setup.c
index 49eab0b..3d9382a 100644
--- a/src/mount-setup.c
+++ b/src/mount-setup.c
@@ -54,7 +54,7 @@ static const MountPoint mount_table[] = {
         { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID, true },
         { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV, true },
         { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false },
-        { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
+        { "tmpfs", "/run", "tmpfs", "mode=1777", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
         { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
         { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
 };
diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
index ab6f201..e309dd5 100644
--- a/tmpfiles.d/systemd.conf
+++ b/tmpfiles.d/systemd.conf
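Review bot: Switching the root of /run to `mode=1777` lets any local user create arbitrary names directly under /run, so a service that later creates `/run/<name>.pid` or a socket path without O_EXCL and an ownership check can find that name already occupied by another user; the sticky bit only prevents removal and rename of other users' entries, it does not prevent pre-creation. The commit message's goal (sockets for non-root daemons) is narrower than a world-writable top level, and the tmpfiles.d file in the same patch already models the safer shape with per-purpose subdirectories (`/run/user`, `/run/lock`). I would keep `{ "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },` and give each unprivileged daemon a sticky or group-writable subdirectory via tmpfiles.d instead. Note also that this tmpfs is mounted without a `size=` option, so once its root is world-writable any user can consume the space that root-owned runtime files depend on; either bound it or record that trade-off in a comment beside the entry. The mount_table definition starts outside the hunk (only its opening line is visible in the hunk header).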
@@ -7,7 +7,7 @@
 # See tmpfiles.d(5) for details
-d /run/lock 0755 root root -
+d /run/lock 1777 root root -
 d /run/user 0755 root root 10d
 F /run/utmp 0664 root utmp -
-- 
1.7.4.1
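Review bot: The new `d /run/lock 1777 root root -` entry carries no comment explaining why this directory alone is world-writable while `/run/user` directly below stays 0755; the rationale from the commit message belongs in the file, e.g. `# 1777: unprivileged programs (serial devices etc.) create lockfiles here; sticky bit stops users removing each other's`. Programs consuming lockfiles from this directory should still create them with O_EXCL and verify the owner before trusting one, since any user can pre-create any name here and the sticky bit does not change that. If the set of lockfile writers is known, a group-writable mode (1775 with a dedicated group) would expose less than world-writable; that is a policy choice beyond this hunk, but worth stating next to the entry.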