From 8fdc46433cb675e403a8e8328033b62bc9e3c899 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Wed, 25 Feb 2015 16:45:12 -0700
Subject: [PATCH] Create /usr/lib/tmpfiles.d/sudo.conf when systemd is used.

---
 plugins/sudoers/Makefile.in |  1 +
 sudo.pp                     | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/plugins/sudoers/Makefile.in b/plugins/sudoers/Makefile.in
index 3aab586ee..d0d99d182 100644
--- a/plugins/sudoers/Makefile.in
+++ b/plugins/sudoers/Makefile.in
@@ -307,6 +307,7 @@ install-dirs:
 	    `echo $(DESTDIR)$(vardir)|$(SED) 's,/[^/]*$$,,'`
 	$(INSTALL) -d $(INSTALL_OWNER) -m 0711 $(DESTDIR)$(rundir)
 	$(INSTALL) -d $(INSTALL_OWNER) -m 0711 $(DESTDIR)$(vardir)
+	$(INSTALL) -d $(INSTALL_OWNER) -m 0700 $(DESTDIR)$(vardir)/lectured
 
 install-binaries: visudo sudoreplay install-dirs
 	INSTALL_BACKUP='~' $(LIBTOOL) --mode=install $(INSTALL) $(INSTALL_OWNER) -m 0755 sudoreplay $(DESTDIR)$(replaydir)/sudoreplay
diff --git a/sudo.pp b/sudo.pp
index 1008be11c..435977e65 100644
--- a/sudo.pp
+++ b/sudo.pp
@@ -272,6 +272,7 @@ still allow people to get their work done."
 	$sudoersdir/sudoers.d/	0750 $sudoers_uid:$sudoers_gid
 	$rundir/		0711 root:
 	$vardir/		0711 root: ignore-others
+	$vardir/lectured/	0700 root:
 	$docdir/		0755
 	$docdir/sudoers2ldif	0755 optional,ignore-others
 %if [deb]
@@ -398,6 +399,15 @@ still allow people to get their work done."
 		;;
 	esac
 
+%post [rpm,deb]
+	# Create /usr/lib/tmpfiles.d/sudo.conf if /lib/systemd exists
+	if [ -d /lib/systemd ]; then
+		cat > /usr/lib/tmpfiles.d/sudo.conf <<-EOF
+		d %{rundir} 0711 root root
+		d %{rundir}/ts 0700 root root
+		EOF
+	fi
+
 %post [aix]
 	# Create /etc/rc.d/rc2.d/S90sudo link if /etc/rc.d exists
 	if [ -d /etc/rc.d ]; then
@@ -423,6 +433,9 @@ still allow people to get their work done."
 	    X"`readlink /etc/sudo-ldap.conf 2>/dev/null`" = X"/etc/ldap/ldap.conf"; then
 		rm -f /etc/sudo-ldap.conf
 	fi
+
+	# Remove systemd tmpfile config
+	rm -f /usr/lib/tmpfiles.d/sudo.conf
 %endif
 %if [rpm]
 	case "%{pp_rpm_distro}" in
@@ -430,6 +443,10 @@ still allow people to get their work done."
 		# Remove /etc/rc.d/rc2.d/S90sudo link
 		rm -f /etc/rc.d/rc2.d/S90sudo
 		;;
+	*)
+		# Remove systemd tmpfile config
+		rm -f /usr/lib/tmpfiles.d/sudo.conf
+		;;
 	esac
 %endif
 %if [aix]
-- 
2.40.0