From 7d6b40b6d90464071be9dad2b52695edded518cc Mon Sep 17 00:00:00 2001
From: Ee Durbin <ee@python.org>
Date: Mon, 26 Aug 2024 15:10:43 -0400
Subject: [PATCH] ensure that the sshd privilege separation directory exists
 (#480)

Adds /usr/lib/tmpfiles.d/sshd-priv-sep.conf to ensure that /run/sshd exists on all boots.

Addresses #478
---
 salt/ssh/init.sls | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/salt/ssh/init.sls b/salt/ssh/init.sls
index ef1420fb..3a6f1179 100644
--- a/salt/ssh/init.sls
+++ b/salt/ssh/init.sls
@@ -21,6 +21,15 @@ ssh:
     - mode: "0644"
 
 
+/usr/lib/tmpfiles.d/sshd-priv-sep.conf:
+  file.managed:
+    - contents: |
+        d /run/sshd 0755 root root
+    - user: root
+    - group: root
+    - mode: "0644"
+
+
 # If we have defined host keys for this server, then we want to drop them here
 # instead of whatever is here by default.
 {% for fn in host_keys %}