Bug#644326: rkhunter: /run transition: Please update use of /dev/.udev

biebl at debian.org biebl at debian.org
Tue Oct 4 21:50:29 UTC 2011

Source: rkhunter
Severity: important
User: rleigh at debian.org
Usertags: run-transition udev


/run is a new cross-distribution location for the storage of
transient state files, i.e. files containing run-time information
that may or may not need to be written early in the boot process and
which does not require preserving across reboots. [1] Support for
/run is an accepted release goal for wheezy.

A result of that change is, that udev no longer uses /dev/ to store
its runtime state file, i.e. the /dev/.udev/ directory, /dev/.udevdb
and /dev/.udev.tdb are gone and udev uses /run/udev/ now.

During an automated test your package rkhunter was flagged to
reference files/directories matching /dev/.udev A log of this test
can be found at [2].

In most cases checking for /dev/.udev is used to determine if udev is
active. This check no longer works with udev using /run/udev now.

In most cases, checking for udev being installed is not appropriate
and should be avoided.

Nowadays all reasonable systems either have udev installed or do not
need /dev to be managed (e.g. LXC, chroots): if your package only
needs to decide if MAKEDEV should be run then please just remove all
such code and assume that the device exists. If the package is only
useful when it reacts to uevents then it should probably depend on
udev. If checking for udev being active is really needed, then your
package needs to be updated to support this new location of the udev
database. If you have any doubts, please contact the udev maintainer
Marco d'Itri <md at linux.it>.

[1] http://wiki.debian.org/ReleaseGoals/RunDirectory


More information about the forensics-devel mailing list