committing changes in /etc made by "-bash"

Package changes:

.etckeeper

@@ -973,23 +973,23 @@ maybe chmod 0644 'issue.net'
 maybe chmod 0644 'issue.rpmnew'
 maybe chmod 0755 'java'
 maybe chmod 0755 'java/java-1.8.0-openjdk'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/calendars.properties'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/logging.properties'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/blacklisted.certs'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/java.policy'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/java.security'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/nss.cfg'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/nss.fips.cfg'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited/US_export_policy.jar'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/limited/local_policy.jar'
-maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
-maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/lib/security/policy/unlimited/local_policy.jar'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/calendars.properties'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/logging.properties'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/blacklisted.certs'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/java.policy'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/java.security'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/nss.cfg'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/nss.fips.cfg'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/policy'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/policy/limited'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/policy/limited/US_export_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/policy/limited/local_policy.jar'
+maybe chmod 0755 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/policy/unlimited'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/policy/unlimited/US_export_policy.jar'
+maybe chmod 0644 'java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/policy/unlimited/local_policy.jar'
 maybe chmod 0755 'java/security'
 maybe chmod 0755 'java/security/security.d'
 maybe chmod 0755 'jvm'
@@ -1010,6 +1010,7 @@ maybe chmod 0755 'ld.so.conf.d'
 maybe chmod 0644 'ld.so.conf.d/bind-export-x86_64.conf'
 maybe chmod 0644 'ld.so.conf.d/dyninst-x86_64.conf'
 maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-193.6.3.el8_2.x86_64.conf'
+maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-305.10.2.el8_4.x86_64.conf'
 maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-305.3.1.el8.x86_64.conf'
 maybe chmod 0444 'ld.so.conf.d/kernel-4.18.0-305.7.1.el8_4.x86_64.conf'
 maybe chmod 0755 'letsencrypt'

alternatives/alt-java

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/alt-java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/alt-java

alternatives/alt-java.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/alt-java-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/java

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/java
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/java

alternatives/java.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/java-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/jjs

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/jjs
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/jjs

alternatives/jjs.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/jjs-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/jre

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre

alternatives/jre_1.8.0

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre

alternatives/jre_1.8.0_openjdk

@@ -1 +1 @@
-/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64
+/usr/lib/jvm/jre-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64

alternatives/jre_openjdk

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre

alternatives/keytool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/keytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/keytool

alternatives/keytool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/keytool-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/orbd

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/orbd
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/orbd

alternatives/orbd.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/orbd-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/pack200

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/pack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/pack200

alternatives/pack200.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/pack200-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/policytool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/policytool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/policytool

alternatives/policytool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/policytool-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/rmid

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/rmid
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/rmid

alternatives/rmid.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/rmid-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/rmiregistry

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/rmiregistry
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/rmiregistry

alternatives/rmiregistry.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/rmiregistry-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/servertool

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/servertool
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/servertool

alternatives/servertool.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/servertool-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/tnameserv

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/tnameserv
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/tnameserv

alternatives/tnameserv.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/tnameserv-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

alternatives/unpack200

@@ -1 +1 @@
-/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64/jre/bin/unpack200
+/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/jre/bin/unpack200

alternatives/unpack200.1.gz

@@ -1 +1 @@
-/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.292.b10-1.el8_4.x86_64.1.gz
+/usr/share/man/man1/unpack200-java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64.1.gz

java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.302.b08-0.el8_4.x86_64/lib/security/java.security

@@ -1214,6 +1214,16 @@ jdk.security.caDistrustPolicies=SYMANTEC_TLS
 #
 #jdk.security.allowNonCaAnchor=true
 
+#
+# The default Character set name (java.nio.charset.Charset.forName())
+# for converting TLS ALPN values between byte arrays and Strings.
+# Prior versions of the JDK may use UTF-8 as the default charset. If
+# you experience interoperability issues, setting this property to UTF-8
+# may help.
+#
+# jdk.tls.alpnCharset=UTF-8
+jdk.tls.alpnCharset=ISO_8859_1
+
 #
 # JNDI Object Factories Filter
 #

ld.so.conf.d/kernel-4.18.0-305.10.2.el8_4.x86_64.conf

@@ -0,0 +1 @@
+    # Placeholder file, no vDSO hwcap entries used in this kernel.

opendmarc.conf

@@ -1,13 +1,14 @@
 ## opendmarc.conf -- configuration file for OpenDMARC filter
 ##
-## Copyright (c) 2012-2015, The Trusted Domain Project.  All rights reserved.
+## Copyright (c) 2012-2015, 2018, 2021, The Trusted Domain Project.
+##   All rights reserved.
 
 ## DEPRECATED CONFIGURATION OPTIONS
-## 
+##
 ## The following configuration options are no longer valid.  They should be
 ## removed from your existing configuration file to prevent potential issues.
 ## Failure to do so may result in opendmarc being unable to start.
-## 
+##
 ## Renamed in 1.3.0:
 ##   ForensicReports became FailureReports
 ##   ForensicReportsBcc became FailureReportsBcc
@@ -22,7 +23,7 @@
 ##  Sets the "authserv-id" to use when generating the Authentication-Results:
 ##  header field after verifying a message.  If the string "HOSTNAME" is
 ##  provided, the name of the host running the filter (as returned by the
-##  gethostname(3) function) will be used.  
+##  gethostname(3) function) will be used.
 #
 # AuthservID name
 
@@ -93,7 +94,7 @@
 ##  the process to the one specified here prior to beginning execution.
 ##  chroot(2) requires superuser access.  A warning will be generated if
 ##  UserID is not also set.
-# 
+#
 # ChangeRootDirectory /var/chroot/opendmarc
 
 ##  CopyFailuresTo (string)
@@ -104,9 +105,44 @@
 #
 # CopyFailuresTo postmaster@localhost
 
+##  DomainWhitelist (string)
+##  	default (none)
+##
+##  A brief list of whitelisted domains for which ARC signature headers are
+##  trusted as determined by evaluating entries in the "arc.chain" field found
+##  in a locally generated Authentication-Results header.
+##
+##  This list will be concatenated with DomainWhitelistFile (if provided).
+##
+# 
+# DomainWhitelist example.com
+
+##  DomainWhitelistFile path
+##  	default (none)
+##
+##  A comprehensive list of whitelisted domains for which ARC signature headers
+##  are trusted as determined by evaluating entries in the "arc.chain" field
+##  found in a locally generated Authentication-Results header.
+##
+##  This list will be concatenated with DomainWhitelist (if provided).
+##
+# 
+# DomainWhitelistFile /etc/opendmarc/whitelist.domains
+
+##  DomainWhitelistSize
+##  	default 3000
+##
+##  The maximum number of entries in the DomainWhitelist including both entries
+##  in the DomainWhitelist configuration parameter (above) and entries in the
+##  DomainWhitelistFile. This number will be increased by approximately 20% to
+##  increase the efficiency of the hashing algorithm.
+##
+# 
+# DomainWhitelistSize 3000
+
 ##  DNSTimeout (integer)
 ##  	default 5
-## 
+##
 ##  Sets the DNS timeout in seconds.  A value of 0 causes an infinite wait.
 ##  (NOT YET IMPLEMENTED)
 #
@@ -129,7 +165,7 @@
 ##  Enables generation of failure reports when the DMARC test fails and the
 ##  purported sender of the message has requested such reports.  Reports are
 ##  formatted per RFC6591.
-# 
+#
 # FailureReports false
 
 ##  FailureReportsBcc (string)
@@ -140,7 +176,7 @@
 ##  requested by the domain owner, the address(es) are added in a Bcc: field.
 ##  If no request is made, they address(es) are used in a To: field.  There
 ##  is no default.
-# 
+#
 # FailureReportsBcc postmaster@example.coom
 
 ##  FailureReportsOnNone { true | false }
@@ -150,7 +186,7 @@
 ##  domains that advertise "none" policies.  By default, reports are only
 ##  generated (when enabled) for sending domains advertising a "quarantine"
 ##  or "reject" policy.
-# 
+#
 # FailureReportsOnNone false
 
 ##  FailureReportsSentBy string
@@ -161,7 +197,7 @@
 ##  the user running the filter and the local hostname to construct an
 ##  email address.  "postmaster" is used in place of the userid if a name
 ##  could not be determined.
-# 
+#
 # FailureReportsSentBy USER@HOSTNAME
 
 ##  HistoryFile path
@@ -177,6 +213,19 @@
 #
 # HistoryFile /var/spool/opendmarc/opendmarc.dat
 
+##  HoldQuarantinedMessages { true | false }
+##  	default "false"
+##
+##  If set, the milter will signal to the mta that messages with
+##  p=quarantine, which fail dmarc authentication, should be held in
+##  the MTA's "Hold" or "Quarantine" queue.  The name varies by MTA.
+##  If false, messsages will be accepted and passed along with the 
+##  regular mail flow, and the quarantine will be left up to downstream
+##  MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+##  including the Authentication-Results header added by OpenDMARC
+#
+# HoldQuarantinedMessages false
+
 ##  IgnoreAuthenticatedClients { true | false }
 ##  	default "false"
 ##
@@ -185,6 +234,20 @@
 #
 # IgnoreAuthenticatedClients false
 
+## HoldQuarantinedMessages { true | false }
+##  	default "false"
+##
+##  If set, the milter will signal to the mta that messages with
+##  p=quarantine, which fail dmarc authentication, should be held in
+##  the MTA's "Hold" or "Quarantine" queue.  The name varies by MTA.
+##  If false, messsages will be accepted and passed along with the 
+##  regular mail flow, and the quarantine will be left up to downstream
+##  MTA/MDA/MUA filters, if any, to handle by re-evaluating the headers,
+##  including the Authentication-Results header added by OpenDMARC
+#
+# HoldQuarantinedMessages false
+
+
 ##  IgnoreHosts path
 ##  	default (internal)
 ##
@@ -227,7 +290,8 @@
 ##  will be used to compute the Organizational Domain for a given domain name,
 ##  as described in the DMARC specification.  If not provided, the filter will
 ##  not be able to determine the Organizational Domain and only the presented
-##  domain will be evaluated.
+##  domain will be evaluated.  This file should be periodically updated.
+##  One location to retrieve the file from is https://publicsuffix.org/list/
 #
 # PublicSuffixList path
 
@@ -252,6 +316,15 @@
 #
 # RejectFailures false
 
+##  RejectMultiValueFrom { true | false }
+##  	default "false"
+##
+##  If set, messages with multiple addresses in the From: field of the message
+##  will be rejected unless all domains in the field are the same.  They will
+##  otherwise be ignored by the filter (the default).
+# 
+# RejectMultiValueFrom false
+
 ##  ReportCommand string
 ##  	default "/usr/sbin/sendmail -t"
 ##
@@ -300,7 +373,7 @@ SoftwareHeader true
 ##	default "false"
 ##
 ##  Causes the filter to ignore any SPF results in the header of the
-##  message.  This is useful if you want the filter to perfrom SPF checks
+##  message.  This is useful if you want the filter to perform SPF checks
 ##  itself, or because you don't trust the arriving header.
 #
 SPFIgnoreResults true

sysconfig/opendmarc

@@ -1,2 +1,2 @@
 # Set the necessary startup options
-OPTIONS="-c /etc/opendmarc.conf -P /var/run/opendmarc/opendmarc.pid"
+OPTIONS="-c /etc/opendmarc.conf -P /run/opendmarc/opendmarc.pid"

tmpfiles.d/opendmarc.conf

@@ -1 +1 @@
-D /var/run/opendmarc 0700 opendmarc opendmarc -
+D /run/opendmarc 0700 opendmarc opendmarc -