On Monday, 26 June 2017 11:22:31 AM AEST Stephen Smalley wrote: > I'd be inclined to just drop open_init_pty (for that matter, I'd like > to deprecate/drop run_init entirely, but I guess it might be needed if > not using DIRECT_INITRC=y and not using systemd). Currently for my use (which involves more strict configurations than most Debian users have) the only use of run_init is for running newaliases on a Postfix system and for any dpkg commands relating to Postfix (which end up running newaliases in the postinst). The alternative to this is to allow sendmail when run from an unconfined_t or sysadm_t shell the ability to write to etc_aliases_t. Given the problems with run_init and the lack of use of it it seems that changing the policy to give slightly more access to sendmail would make sense. Currently we have user_mail_t as the domain for sendmail when run from unconfined_t and user_t. We need to either have separate domains for this or rely on constraints to prevent a user_r session from writing to etc_aliases_t. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/