Steps to reproduce:
1. Prior to update have zabbix-agent-3.4.12-1.el7.x86_64 installed, can see in the rpm verify settings tmpfiles.d/zabbix-agent.conf is not tagged as a config file
Contents of the tmpfiles.d/zabbix-agent.conf file has settings for /var/run/ to be 777 so service account can write to it after reboot.
2. run "yum update zabbix-agent"
Contents of the tmpfiles.d/zabbix-agent.conf get set back to default.
and permissions on /var/run/zabbix changed to 0755
so the service account being used can not write to /var/run/zabbix and agent fails to start.
The yum update of zabbix-agent would not overwrite the contents of /usr/lib/tmpfiles.d/zabbix-agent.conf.
We need this as company policy won't allow us to use the default zabbix user, and after a yum update the service account can no longer start zabbix, without updating the tmpfiles.d config and permissions on /var/run/zabbix.