What were you trying to do that didn't work?

aide does not work out-of-the-box on bootc image mode when there is a dedicated /var (or /var/log). /var/lib/aide being not present, the command fails to write its db. The issue is likely the same on RHEL 10. Feel free to move this bug to the `rhel-bootc-container` component if needed.

What is the impact of this issue to you?

Evaluation of the product.

Please provide the package NVR for which the bug is seen:

aide-0.16-103.el9_6.2.x86_64

How reproducible is this bug?:

Always

Steps to reproduce

• Use a Containerfile that installs `aide`

FROM registry.redhat.io/rhel9/rhel-bootc:latest
RUN dnf update -y && dnf -y install aide && dnf clean all
RUN bootc container lint 

• Deploy it with a kickstart using `ostreecontainer` on a system with a dedicated /var (and optionally /var/log)
• Run `aide -i`.

Expected results

aide is able to write its db.

Actual results

# aide -i
Couldn't open file /var/log/aide/aide.log for writing
Cannot open /var/log/aide/aide.log for writing
Couldn't open file /var/lib/aide/aide.db.new.gz for writing

Suggested workaround

Create the missing directories using systemd-tmpfiles.d if they don't already exist.
NOTE: this list might be non-exhaustive.

# mkdir -p overlay/usr/local/lib/tmpfiles.d
# cat << EOF > overlay/usr/local/lib/tmpfiles.d/bootc-extra.conf  
d /var/lib/aide	0700	root	root	-	-
Z /var/lib/aide	-	-	-	-	-
d /var/log/aide	0700	root	root	-	-
Z /var/log/aide	-	-	-	-	-
EOF

And then append the following line to your Containerfile:

COPY overlay/ /