login: Prefer /run over /var/run.
/var lives on the stateful partition, while /run is a tmpfs. Normally,
/var/run is a symlink to /run, but if a device is compromised, the
contents of /var cannot be trusted.
BUG=chromium:649039
TEST=Can boot/login with changes.
Change-Id: I06aa3491ad4897eecafe835611a0d837b22faef4
Reviewed-on: https://chromium-review.googlesource.com/388145
Commit-Ready: Ricky Zhou <rickyz@chromium.org>
Tested-by: Ricky Zhou <rickyz@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
diff --git a/login_manager/init/login.conf b/login_manager/init/login.conf
index 378a4ea..c443b07 100644
--- a/login_manager/init/login.conf
+++ b/login_manager/init/login.conf
@@ -14,5 +14,5 @@
# The "logged-in" file is used by ACPI events to behave
# appropriately. The state directory is created earlier in
# session startup.
- touch /var/run/state/logged-in
+ touch /run/state/logged-in
end script
diff --git a/login_manager/init/logout.conf b/login_manager/init/logout.conf
index 50c41fa..4883138 100644
--- a/login_manager/init/logout.conf
+++ b/login_manager/init/logout.conf
@@ -12,5 +12,5 @@
script
# Indicate that we're no longer logged in
- rm -f /var/run/state/logged-in
+ rm -f /run/state/logged-in
end script
diff --git a/login_manager/init/ui-collect-machine-info.conf b/login_manager/init/ui-collect-machine-info.conf
index 12dd842..87dd664 100644
--- a/login_manager/init/ui-collect-machine-info.conf
+++ b/login_manager/init/ui-collect-machine-info.conf
@@ -12,7 +12,7 @@
# that the VPD has been read and the udev database is fully initialized.
start on started system-services
-env UI_MACHINE_INFO_FILE=/var/run/session_manager/machine-info
+env UI_MACHINE_INFO_FILE=/run/session_manager/machine-info
script
# Just continue if one of the commands below fails.
diff --git a/login_manager/init/ui-init-late.conf b/login_manager/init/ui-init-late.conf
index 957e724..83e04e7 100644
--- a/login_manager/init/ui-init-late.conf
+++ b/login_manager/init/ui-init-late.conf
@@ -15,7 +15,7 @@
# data.
start on login-prompt-visible or stopped ui-collect-machine-info
-env UI_MACHINE_INFO_FILE=/var/run/session_manager/machine-info
+env UI_MACHINE_INFO_FILE=/run/session_manager/machine-info
script
# Bail out if data collection is still pending.