From 52b4ecc94b85c253e6cc6d868b72310558cddd58 Mon Sep 17 00:00:00 2001
From: Justin Spencer <juspence+gitlab@redhat.com>
Date: Fri, 19 Nov 2021 22:37:11 -0500
Subject: [PATCH] Write PIDFile inside /var/run/usbguard directory

---
 src/Daemon/main.cpp                    | 2 +-
 src/Tests/LDAP/Sanity/ldap-nsswitch.sh | 2 +-
 src/Tests/LDAP/UseCase/ldap-test-1.sh  | 2 +-
 src/Tests/LDAP/UseCase/ldap-test-2.sh  | 2 +-
 src/Tests/LDAP/UseCase/ldap-test-3.sh  | 2 +-
 src/Tests/LDAP/UseCase/ldap-test-4.sh  | 2 +-
 src/Tests/LDAP/UseCase/ldap-test-5.sh  | 2 +-
 src/Tests/UseCase/004_daemonize.sh     | 2 +-
 usbguard.service.in                    | 5 +++--
 9 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/Daemon/main.cpp b/src/Daemon/main.cpp
index ee03dc93..2684c058 100644
--- a/src/Daemon/main.cpp
+++ b/src/Daemon/main.cpp
@@ -39,7 +39,7 @@
 #endif
 
 #ifndef USBGUARD_PID_FILE
-  #define USBGUARD_PID_FILE "/var/run/usbguard.pid"
+  #define USBGUARD_PID_FILE "/var/run/usbguard/usbguard.pid"
 #endif
 
 using namespace usbguard;
diff --git a/src/Tests/LDAP/Sanity/ldap-nsswitch.sh b/src/Tests/LDAP/Sanity/ldap-nsswitch.sh
index ea5cb751..4967b2ed 100755
--- a/src/Tests/LDAP/Sanity/ldap-nsswitch.sh
+++ b/src/Tests/LDAP/Sanity/ldap-nsswitch.sh
@@ -91,7 +91,7 @@ sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
 
 COUNTER="0"
 declare -A BAD
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 
 function grep_and_fail ()
 {
diff --git a/src/Tests/LDAP/UseCase/ldap-test-1.sh b/src/Tests/LDAP/UseCase/ldap-test-1.sh
index bf309b31..0076b45a 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-1.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-1.sh
@@ -89,7 +89,7 @@ sudo -n cat "$ldap_path"
 
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
 
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 
 ${LDAP_UTIL} delete && true
 ${LDAP_UTIL} setup
diff --git a/src/Tests/LDAP/UseCase/ldap-test-2.sh b/src/Tests/LDAP/UseCase/ldap-test-2.sh
index bc2253e9..56aa5f39 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-2.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-2.sh
@@ -89,7 +89,7 @@ sudo -n cat "$ldap_path"
 
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
 
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 
 ${LDAP_UTIL} delete && true
 ${LDAP_UTIL} setup
diff --git a/src/Tests/LDAP/UseCase/ldap-test-3.sh b/src/Tests/LDAP/UseCase/ldap-test-3.sh
index b6a7131c..381d1ce1 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-3.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-3.sh
@@ -89,7 +89,7 @@ sudo -n cat "$ldap_path"
 
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
 
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 
 ${LDAP_UTIL} delete && true
 # ${LDAP_UTIL} setup
diff --git a/src/Tests/LDAP/UseCase/ldap-test-4.sh b/src/Tests/LDAP/UseCase/ldap-test-4.sh
index 507ec6af..56129720 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-4.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-4.sh
@@ -89,7 +89,7 @@ sudo -n cat "$ldap_path"
 
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
 
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 
 # ${LDAP_UTIL} delete && true
 # ${LDAP_UTIL} setup
diff --git a/src/Tests/LDAP/UseCase/ldap-test-5.sh b/src/Tests/LDAP/UseCase/ldap-test-5.sh
index 7dbc7f17..4eb9a8a1 100755
--- a/src/Tests/LDAP/UseCase/ldap-test-5.sh
+++ b/src/Tests/LDAP/UseCase/ldap-test-5.sh
@@ -141,7 +141,7 @@ sudo -n cat "$ldap_path"
 
 sudo -n cp "$ldap_path" /etc/usbguard/usbguard-ldap.conf
 
-PIDFILE="/var/run/usbguard.pid"
+PIDFILE="/var/run/usbguard/usbguard.pid"
 
 ${LDAP_UTIL} delete && true
 ${LDAP_UTIL} setup
diff --git a/src/Tests/UseCase/004_daemonize.sh b/src/Tests/UseCase/004_daemonize.sh
index 47d4fe7f..1c820eee 100755
--- a/src/Tests/UseCase/004_daemonize.sh
+++ b/src/Tests/UseCase/004_daemonize.sh
@@ -26,7 +26,7 @@ source "${USBGUARD_TESTLIB_BASH}" || exit 129
 export USBGUARD_TESTLIB_TMPDIR="$(mktemp -d --tmpdir usbguard-test.XXXXXX)"
 
 export config_path="${USBGUARD_TESTLIB_TMPDIR}/daemon.conf"
-export pidfile_path="${USBGUARD_TESTLIB_TMPDIR}/usbguard.pid"
+export pidfile_path="${USBGUARD_TESTLIB_TMPDIR}/usbguard/usbguard.pid"
 export logfile="${USBGUARD_TESTLIB_TMPDIR}/daemon.log"
 
 function test_cli_daemonize()
diff --git a/usbguard.service.in b/usbguard.service.in
index c618618b..c083b257 100644
--- a/usbguard.service.in
+++ b/usbguard.service.in
@@ -12,7 +12,7 @@ IPAddressDeny=any
 LockPersonality=yes
 MemoryDenyWriteExecute=yes
 NoNewPrivileges=yes
-PIDFile=/run/usbguard.pid
+PIDFile=/run/usbguard/usbguard.pid
 PrivateDevices=yes
 PrivateTmp=yes
 ProtectControlGroups=yes
@@ -20,11 +20,12 @@ ProtectHome=yes
 ProtectKernelModules=yes
 ProtectSystem=yes
 ReadOnlyPaths=-/
-ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run
+ReadWritePaths=-/dev/shm -%localstatedir%/log/usbguard -/tmp -%sysconfdir%/usbguard/ -/var/run/usbguard
 Restart=on-failure
 RestrictAddressFamilies=AF_UNIX AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
+RuntimeDirectory=usbguard
 SystemCallArchitectures=native
 SystemCallFilter=@system-service
 Type=forking