From c84d9bec135b7a3c278de5045eff6e05ab98b58b Mon Sep 17 00:00:00 2001
From: Neal Gompa <ngompa@fedoraproject.org>
Date: Sat, 27 Apr 2024 10:14:22 -0400
Subject: [PATCH] Move sockets to rundir

---
 ...n-Add-support-for-the-socket-existin.patch | 44 +++++++++++++++++++
 incus-tmpfiles.conf                           |  1 +
 incus-user.socket                             |  2 +-
 incus.fc                                      |  3 +-
 incus.socket                                  |  2 +-
 incus.spec                                    |  6 ++-
 6 files changed, 54 insertions(+), 4 deletions(-)
 create mode 100644 0001-client-connection-Add-support-for-the-socket-existin.patch

diff --git a/0001-client-connection-Add-support-for-the-socket-existin.patch b/0001-client-connection-Add-support-for-the-socket-existin.patch
new file mode 100644
index 0000000..cf0d849
--- /dev/null
+++ b/0001-client-connection-Add-support-for-the-socket-existin.patch
@@ -0,0 +1,44 @@
+From bac712576069204618f642ef5ed3d8be942864b4 Mon Sep 17 00:00:00 2001
+From: Neal Gompa <neal@gompa.dev>
+Date: Sat, 27 Apr 2024 10:01:14 -0400
+Subject: [PATCH] client/connection: Add support for the socket existing in
+ /run/incus
+
+Transient sockets are supposed to be in /run rather than /var, so make
+it possible to detect that automatically when used.
+
+Signed-off-by: Neal Gompa <neal@gompa.dev>
+---
+ client/connection.go | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/client/connection.go b/client/connection.go
+index 01be07685..2792ccbe4 100644
+--- a/client/connection.go
++++ b/client/connection.go
+@@ -157,7 +157,8 @@ func ConnectIncusUnix(path string, args *ConnectionArgs) (InstanceServer, error)
+ //
+ // If the path argument is empty, then $INCUS_SOCKET will be used, if
+ // unset $INCUS_DIR/unix.socket will be used and if that one isn't set
+-// either, then the path will default to /var/lib/incus/unix.socket.
++// either, then the path will default to /run/incus/unix.socket or
++// /var/lib/incus/unix.socket.
+ func ConnectIncusUnixWithContext(ctx context.Context, path string, args *ConnectionArgs) (InstanceServer, error) {
+ 	logger.Debug("Connecting to a local Incus over a Unix socket")
+ 
+@@ -180,7 +181,11 @@ func ConnectIncusUnixWithContext(ctx context.Context, path string, args *Connect
+ 		if path == "" {
+ 			incusDir := os.Getenv("INCUS_DIR")
+ 			if incusDir == "" {
+-				incusDir = "/var/lib/incus"
++				if util.PathExists("/run/incus") {
++					incusDir = "/run/incus"
++				} else {
++					incusDir = "/var/lib/incus"
++				}
+ 			}
+ 
+ 			path = filepath.Join(incusDir, "unix.socket")
+-- 
+2.44.0
+
diff --git a/incus-tmpfiles.conf b/incus-tmpfiles.conf
index 5fb86ee..2e66a6d 100644
--- a/incus-tmpfiles.conf
+++ b/incus-tmpfiles.conf
@@ -1,3 +1,4 @@
 d /var/cache/incus 0700 root root - -
 d /var/log/incus 0700 root root - -
 d /var/lib/incus 0711 root root - -
+d /run/incus 0711 root root - -
diff --git a/incus-user.socket b/incus-user.socket
index 5c14276..92de5fe 100644
--- a/incus-user.socket
+++ b/incus-user.socket
@@ -2,7 +2,7 @@
 Description=Incus - Daemon (user unix socket)
 
 [Socket]
-ListenStream=/var/lib/incus/unix.socket.user
+ListenStream=/run/incus/unix.socket.user
 SocketGroup=incus
 SocketMode=0660
 Service=incus-user.service
diff --git a/incus.fc b/incus.fc
index a0827a4..5c95485 100644
--- a/incus.fc
+++ b/incus.fc
@@ -3,6 +3,7 @@
 /usr/libexec/incus(/.*)?            gen_context(system_u:object_r:container_runtime_exec_t,s0)
 /usr/lib/systemd/system/incus.*     gen_context(system_u:object_r:container_unit_file_t,s0)
 /var/cache/incus(/.*)?              gen_context(system_u:object_r:container_var_lib_t,s0)
-/var/lib/incus/unix.socket(.*)?  -s gen_context(system_u:object_r:container_var_run_t,s0)
 /var/lib/incus(/.*)?                gen_context(system_u:object_r:container_var_lib_t,s0)
 /var/log/incus(/.*)?                gen_context(system_u:object_r:container_log_t,s0)
+/run/incus/unix.socket(.*)?      -s gen_context(system_u:object_r:container_var_run_t,s0)
+/run/incus(/.*)?                    gen_context(system_u:object_r:container_var_run_t,s0)
diff --git a/incus.socket b/incus.socket
index 741fadd..7c98924 100644
--- a/incus.socket
+++ b/incus.socket
@@ -2,7 +2,7 @@
 Description=Incus - Daemon (unix socket)
 
 [Socket]
-ListenStream=/var/lib/incus/unix.socket
+ListenStream=/run/incus/unix.socket
 SocketGroup=incus-admin
 SocketMode=0660
 Service=incus.service
diff --git a/incus.spec b/incus.spec
index e854c37..e50e7d8 100644
--- a/incus.spec
+++ b/incus.spec
@@ -58,10 +58,13 @@ Source203:      %{swaggerui_source_baseurl}/swagger-ui.css#/swagger-ui-%{swagger
 ## Support correct incusd path
 ### From: https://github.com/lxc/incus/pull/799
 Patch0001:      0001-cmd-incus-admin_cluster-Add-libexec-path-for-incusd.patch
+## Support /run/incus
+### From: https://github.com/lxc/incus/pull/800
+Patch0002:      0001-client-connection-Add-support-for-the-socket-existin.patch
 
 # Downstream only patches
 ## Allow offline builds
-Patch1001:         incus-0.2-doc-Remove-downloads-from-sphinx-build.patch
+Patch1001:      incus-0.2-doc-Remove-downloads-from-sphinx-build.patch
 
 %global bashcompletiondir %(pkg-config --variable=completionsdir bash-completion 2>/dev/null || :)
 %global selinuxtype targeted
@@ -470,6 +473,7 @@ export CGO_LDFLAGS_ALLOW="(-Wl,-wrap,pthread_create)|(-Wl,-z,now)"
 * Sat Apr 27 2024 Neal Gompa <ngompa@fedoraproject.org> - 6.0.0-1
 - Update to 6.0.0
 - Move libexec content to libexecdir
+- Move sockets to rundir
 
 * Wed Mar 27 2024 Neal Gompa <ngompa@fedoraproject.org> - 0.7-1
 - Update to 0.7