Currently, on systems using initscripts, /run/lock (aka /var/lock) has
permissions 1777. In the next release I want to remove these hard-coded
permissions, and let us follow whatever is configured in
/usr/lib/tmpfiles.d/legacy.conf.
I suggest we follow the upstream suggestion, whose justification has
been outlined on the systemd mailing list [0]. The local admin can
easily overwrite this if they want by copying
/usr/lib/tmpfiles.d/legacy.conf to /etc/tmpfiles.d/ and editing it there.
This might mean that some pieces of software should be updated to
either use their own subdir such as /run/lock/<pkgname>, or be put in
the "lock" group and use /run/lock/lockdev.
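
Added example, not part of the original message or of initscripts/systemd: a shell check that reports which legacy.conf takes effect for /run/lock once an admin copy exists in /etc/tmpfiles.d/, and whether the configured mode is world-writable. The root-prefix argument, the function names and the sample file contents (including the 0755 and 1777 values) are constructed for illustration; it inspects only legacy.conf, not other tmpfiles.d files that might also declare /run/lock.

```sh
#!/bin/sh
# Added example. The root-prefix argument is a hypothetical convenience so the
# check can be pointed at a test tree instead of the live filesystem.

# Print the legacy.conf that takes effect: a same-named file in /etc/tmpfiles.d
# overrides /run/tmpfiles.d, which overrides /usr/lib/tmpfiles.d.
effective_legacy_conf() {
    for dir in etc/tmpfiles.d run/tmpfiles.d usr/lib/tmpfiles.d; do
        if [ -e "$1/$dir/legacy.conf" ]; then
            printf '%s\n' "$1/$dir/legacy.conf"
            return 0
        fi
    done
    return 1
}

# Print the mode field (third column) of the first non-comment /run/lock line.
lock_mode() {
    conf=$(effective_legacy_conf "$1") || { echo missing; return 0; }
    awk '$1 !~ /^#/ && $2 == "/run/lock" { print $3; f = 1; exit }
         END { if (!f) print "unset" }' "$conf"
}

# Succeed when the configured mode grants write access to "other".
lock_is_world_writable() {
    case $(lock_mode "$1") in
        *[2367]) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample tree: a vendor file plus an admin override in /etc.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/lib/tmpfiles.d" "$t/etc/tmpfiles.d"
    echo 'd /run/lock 0755 root root -' > "$t/usr/lib/tmpfiles.d/legacy.conf"
    echo 'd /run/lock 1777 root root -' > "$t/etc/tmpfiles.d/legacy.conf"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "effective: $(effective_legacy_conf "$tree")"
echo "mode:      $(lock_mode "$tree")"
lock_is_world_writable "$tree" && echo "/run/lock would be world-writable"
rm -rf "$tree"
```

Passing an empty string as the argument checks the live system; a world-writable result identifies hosts where a local override keeps the old behaviour.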