Use /run and /run/lock instead of /var

Also add runstatedir autoconf var. IPA requires autoconf 2.59. The
variable will be available with autoconf 2.70.

Fixes: https://pagure.io/freeipa/issue/8272
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

configure.ac

@@ -208,6 +208,17 @@ AC_ARG_WITH([sysconfenvdir],
             [sysconfenvdir="${sysconfdir}/sysconfig"])
 AC_SUBST([sysconfenvdir])
 
+dnl ---------------------------------------------------------------------------
+dnl - Get /run directory path
+dnl - available in autoconf 2.70+
+dnl ---------------------------------------------------------------------------
+AC_ARG_WITH([runstatedir],
+            AS_HELP_STRING([--with-runstatedir=DIR],
+                           [Runtime data directory]),
+            [runstatedir=$with_runstatedir],
+            [runstatedir="/run"])
+AC_SUBST([runstatedir])
+
 dnl ---------------------------------------------------------------------------
 dnl - Server-only configuration
 dnl ---------------------------------------------------------------------------

daemons/dnssec/Makefile.am

@@ -29,6 +29,7 @@ CLEANFILES = $(systemdsystemunit_DATA) $(nodist_app_SCRIPTS)
 		-e 's|@libexecdir[@]|$(libexecdir)|g' \
 		-e 's|@localstatedir[@]|$(localstatedir)|g' \
 		-e 's|@sysconfenvdir[@]|$(sysconfenvdir)|g' \
+		-e 's|@runstatedir[@]|$(runstatedir)|g' \
 		-e 's|@ODS_USER[@]|$(ODS_USER)|g' \
 		-e 's|@NAMED_GROUP[@]|$(NAMED_GROUP)|g' \
 		'$(srcdir)/$@.in' >$@

daemons/dnssec/ipa-ods-exporter.socket.in

@@ -1,5 +1,5 @@
 [Socket]
-ListenStream=@localstatedir@/run/opendnssec/engine.sock
+ListenStream=@runstatedir@/opendnssec/engine.sock
 
 [Install]
 WantedBy=sockets.target

daemons/ipa-kdb/Makefile.am

@@ -11,7 +11,7 @@ AM_CPPFLAGS =						\
 	-DLIBDIR=\""$(libdir)"\" 			\
 	-DLIBEXECDIR=\""$(libexecdir)"\"		\
 	-DDATADIR=\""$(datadir)"\"			\
-	-DLDAPIDIR=\""$(localstatedir)/run"\"		\
+	-DLDAPIDIR=\""$(runstatedir)"\"			\
 	$(AM_CFLAGS)					\
 	$(LDAP_CFLAGS)					\
 	$(KRB5_CFLAGS)					\

daemons/ipa-sam/Makefile.am

@@ -15,7 +15,7 @@ AM_CPPFLAGS =						\
 	-DLIBDIR=\""$(libdir)"\" 			\
 	-DLIBEXECDIR=\""$(libexecdir)"\"		\
 	-DDATADIR=\""$(datadir)"\"			\
-	-DLDAPIDIR=\""$(localstatedir)/run"\"		\
+	-DLDAPIDIR=\""$(runstatedir)"\"			\
 	-DHAVE_LDAP					\
 	-I$(top_srcdir)/util				\
 	$(CRYPTO_CFLAGS)				\

install/oddjob/com.redhat.idm.trust-fetch-domains.in

@@ -143,7 +143,7 @@ def generate_krb5_config(realm, server):
             server,
         )
 
-        (fd, tcfg) = tempfile.mkstemp(dir="/var/run/ipa",
+        (fd, tcfg) = tempfile.mkstemp(dir="/run/ipa",
                 prefix="krb5conf", text=True)
         with io.open(fd, mode='w', encoding='utf-8') as o:
             o.write(content)
@@ -191,8 +191,8 @@ keytab_name = "/etc/samba/samba.keytab"
 
 principal = str("cifs/" + api.env.host)
 
-oneway_ccache_name = "/var/run/ipa/krb5cc_oddjob_trusts_fetch"
-ccache_name = "/var/run/ipa/krb5cc_oddjob_trusts"
+oneway_ccache_name = "/run/ipa/krb5cc_oddjob_trusts_fetch"
+ccache_name = "/run/ipa/krb5cc_oddjob_trusts"
 
 # Standard sequence:
 # - check if ccache exists

ipaplatform/base/paths.py

@@ -358,15 +358,15 @@ class BasePathNamespace:
     VAR_OPENDNSSEC_DIR = "/var/opendnssec"
     OPENDNSSEC_KASP_DB = "/var/opendnssec/kasp.db"
     IPA_ODS_EXPORTER_CCACHE = "/var/opendnssec/tmp/ipa-ods-exporter.ccache"
-    VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
+    VAR_RUN_DIRSRV_DIR = "/run/dirsrv"
     IPA_CCACHES = "/run/ipa/ccaches"
     HTTP_CCACHE = "/var/lib/ipa/gssproxy/http.ccache"
     CA_BUNDLE_PEM = "/var/lib/ipa-client/pki/ca-bundle.pem"
     KDC_CA_BUNDLE_PEM = "/var/lib/ipa-client/pki/kdc-ca-bundle.pem"
-    IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"
-    SVC_LIST_FILE = "/var/run/ipa/services.list"
-    KRB5CC_SAMBA = "/var/run/samba/krb5cc_samba"
-    SLAPD_INSTANCE_SOCKET_TEMPLATE = "/var/run/slapd-%s.socket"
+    IPA_RENEWAL_LOCK = "/run/ipa/renewal.lock"
+    SVC_LIST_FILE = "/run/ipa/services.list"
+    KRB5CC_SAMBA = "/run/samba/krb5cc_samba"
+    SLAPD_INSTANCE_SOCKET_TEMPLATE = "/run/slapd-%s.socket"
     ADMIN_CERT_PATH = '/root/.dogtag/pki-tomcat/ca_admin.cert'
     ENTROPY_AVAIL = '/proc/sys/kernel/random/entropy_avail'
     KDCPROXY_CONFIG = '/etc/ipa/kdcproxy/kdcproxy.conf'
@@ -404,8 +404,8 @@ class BasePathNamespace:
     SLAPD_INSTANCE_BACKUP_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/bak/%s"
     SLAPD_INSTANCE_DB_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/db/%s"
     SLAPD_INSTANCE_LDIF_DIR_TEMPLATE = "/var/lib/dirsrv/slapd-%s/ldif"
-    DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
-    ALL_SLAPD_INSTANCE_SOCKETS = "/var/run/slapd-*.socket"
+    DIRSRV_LOCK_DIR = "/run/lock/dirsrv"
+    ALL_SLAPD_INSTANCE_SOCKETS = "/run/slapd-*.socket"
     VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
     SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
     SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"

ipatests/test_integration/test_commands.py

@@ -747,7 +747,7 @@ class TestIPACommand(IntegrationTest):
         result = self.master.run_command([
             paths.IPA_CACERT_MANAGE,
             'install',
-            '/var/run/cert_not_found'], raiseonerr=False)
+            '/run/cert_not_found'], raiseonerr=False)
         assert result.returncode == 1
 
         cmd = self.master.run_command(['mktemp'])

selinux/ipa.fc

@@ -23,7 +23,7 @@
 
 /var/log/ipareplica-conncheck.log.*	--	gen_context(system_u:object_r:ipa_log_t,s0)
 
-/var/run/ipa(/.*)?              gen_context(system_u:object_r:ipa_var_run_t,s0)
+/run/ipa(/.*)?              gen_context(system_u:object_r:ipa_var_run_t,s0)
 
 /usr/libexec/ipa/ipa-custodia					--	gen_context(system_u:object_r:ipa_custodia_exec_t,s0)
 /usr/libexec/ipa/custodia/ipa-custodia-dmldap			--	gen_context(system_u:object_r:ipa_custodia_dmldap_exec_t,s0)

server.m4

@@ -65,7 +65,7 @@ dnl ---------------------------------------------------------------------------
 AC_CHECK_HEADER(krad.h, [], [AC_MSG_ERROR([krad.h not found])])
 AC_CHECK_LIB(krad, main, [ ], [AC_MSG_ERROR([libkrad not found])])
 KRAD_LIBS="-lkrad"
-krb5rundir="${localstatedir}/run/krb5kdc"
+krb5rundir="${runstatedir}/krb5kdc"
 AC_SUBST(KRAD_LIBS)
 AC_SUBST(krb5rundir)