[Bug 1203340] AUDIT-0: sendmail: new systemd-tmpfiles entries for /run, /run/sendmail
https://bugzilla.suse.com/show_bug.cgi?id=1203340
https://bugzilla.suse.com/show_bug.cgi?id=1203340#c8

--- Comment #8 from Matthias Gerstner <matthias.gerstner@suse.com> ---

The /run line mentioned in comment 2 cannot stay this way for security reasons, so please come up with a different systemd-tmpfiles configuration that works for the package.

For /run/sendmail it makes more sense, although the permissions are still quite peculiar:

- why does it need a sticky bit?
- its base mode is 01750 root:mail, so the mail group can *read* in there, which is kind of okay but ...
- then via ACLs the mail user and group can also *write* in there.

That looks fishy: if a root process is using this directory concurrently with a mail user/group process, then this could pose security issues again via symlink attacks or what not.

So can you please elaborate which processes running under which credentials access this directory and for what purpose?

--
You are receiving this mail because: You are on the CC list for the bug.
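The review points above (an entry that touches /run itself, a sticky bit on a package directory, and ACLs that let a non-root principal write into a root-owned directory) can be checked mechanically. The following is an added example, not part of the bug report or of the sendmail package: a small auditor for tmpfiles.d lines that parses the `Type Path Mode User Group Age Argument` format and reports the patterns questioned in the comment. The sample configuration inside it is constructed for illustration (the actual lines from comment 2 are not visible here), and the finding texts are the author's own wording.

```python
"""Audit systemd-tmpfiles.d lines for the permission patterns questioned above (added example)."""
from __future__ import annotations

import stat
from dataclasses import dataclass

# Constructed sample: it mirrors the shape discussed in the comment, not the package's real file.
SAMPLE_CONFIG = """\
# hypothetical sendmail.conf for tmpfiles.d
d  /run            0755   root root -
d  /run/sendmail   01750  root mail -
a+ /run/sendmail   -      -    -    - u:mail:rwx,g:mail:rwx
"""


@dataclass
class Entry:
    kind: str        # tmpfiles type field, e.g. "d", "a+", "A"
    path: str
    mode: int | None  # None when the mode column is "-"
    user: str
    group: str
    argument: str


def parse_config(text: str) -> list[Entry]:
    """Parse tmpfiles.d lines of the form: Type Path Mode User Group Age Argument."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 6)
        if len(fields) < 2:
            raise ValueError(f"malformed tmpfiles.d line: {raw!r}")
        fields += ["-"] * (7 - len(fields))          # missing trailing columns default to "-"
        kind, path, mode, user, group, _age, argument = fields
        # The mode column may carry a "~" (mask) or ":" (only-if-new) prefix; strip it for analysis.
        mode_val = None if mode == "-" else int(mode.lstrip("~:"), 8)
        entries.append(Entry(kind, path.rstrip("/") or "/", mode_val, user, group, argument))
    return entries


def parse_acl(argument: str) -> list[tuple[str, str, str]]:
    """Split 'u:mail:rwx,g:mail:rwx' into (kind, qualifier, perms); a leading 'd:' (default ACL) is dropped."""
    acl = []
    for item in argument.split(","):
        parts = item.split(":")
        if parts and parts[0] == "d":
            parts = parts[1:]
        if len(parts) != 3:
            raise ValueError(f"unrecognised ACL entry: {item!r}")
        acl.append((parts[0], parts[1], parts[2]))
    return acl


def audit(entries: list[Entry]) -> list[str]:
    """Return human-readable findings for the patterns a reviewer would question."""
    findings = []
    owners = {e.path: e.user for e in entries if e.kind[0] in "dD"}
    for e in entries:
        if e.kind[0] in "dD":
            if e.path == "/run":
                findings.append(f"{e.path}: entry targets the shared top-level runtime directory itself, "
                                "not a package-specific subdirectory")
            if e.mode is not None:
                if e.mode & stat.S_ISVTX:
                    findings.append(f"{e.path}: sticky bit set (mode {e.mode:05o}); justify why it is needed")
                if e.user == "root" and e.mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append(f"{e.path}: root-owned but group/other writable (mode {e.mode:05o})")
        elif e.kind[0] in "aA":
            owner = owners.get(e.path, "?")
            for kind, who, perms in parse_acl(e.argument):
                # A named user/group gaining write on a root-owned directory is the concurrent-use risk raised above.
                if owner == "root" and "w" in perms and who and who != "root":
                    findings.append(f"{e.path}: ACL grants write to {kind}:{who} on a root-owned directory")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_config(SAMPLE_CONFIG)):
        print(finding)
```

Run it against a real `/usr/lib/tmpfiles.d/*.conf` by replacing `SAMPLE_CONFIG` with the file contents; every finding is a question to put to the packager rather than a verdict, since a sticky or ACL-writable directory can be legitimate when each writer runs under a single, well-understood identity.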