Description Laurent Jacquot
2017-01-10 19:35:20 UTC
Upgraded from f24 to f25, and then postfix cannot access /dev/null anymore when setenforce = 1.
[root@jack selinux]# systemctl start postfix.service
Job for postfix.service failed because the control process exited with error code.
[root@jack selinux]# journalctl -xe
AVCs...
janv. 10 20:14:19 jack postfix[11894]: /usr/libexec/postfix/postfix-script: line 122: /dev/null: Permission denied
AVCs...
janv. 10 20:14:20 jack systemd[1]: postfix.service: Control process exited, code=exited status=1
janv. 10 20:14:20 jack systemd[1]: Failed to start Postfix Mail Transport Agent.
[root@jack selinux]# cat /etc/fedora-release
Fedora release 25 (Twenty Five)
[root@jack selinux]# uname -r
4.8.15-300.fc25.x86_64
[root@jack selinux]# rpm -qa |grep selinux-policy
selinux-policy-devel-3.13.1-225.3.fc25.noarch
selinux-policy-targeted-3.13.1-225.3.fc25.noarch
selinux-policy-3.13.1-225.3.fc25.noarch
[root@jack selinux]# ls -lZ /dev/null
crw-rw-rw-. 1 root root system_u:object_r:null_device_t:s0 1, 3 8 janv. 22:14 /dev/null
But postfix is convinced that /dev/null is unlabeled, and wants me to insert the following semodule
To my understanding, the PrivateDevices=true directive in /usr/lib/systemd/system/postfix.service is to blame. If it is set to false or commented out, postfix starts.
See #1389863 and #1398007 for more context.