Bug 1769294

Summary: PrivateDevices=true breaks services on s390x
Product: [Fedora] Fedora Reporter: Dan Horák <dan>
Component: systemdAssignee: systemd-maint
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 31CC: hannsj_uhl, kevin, lnykryn, msekleta, ssahani, s, systemd-maint, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: s390x   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-06 10:55:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 467765    

Description Dan Horák 2019-11-06 10:37:33 UTC 
Description of problem:
When PrivateDevices=true is used in a service like postfix, then it makes the service to fail on starting. It happens even when SELinux is in permissive mode. 


Version-Release number of selected component (if applicable):
systemd-243-4.gitef67743.fc31.s390x
postfix-3.4.7-1.fc31.s390x


How reproducible:
100%

Steps to Reproduce:
1. install F-31
2. install postfix
3. systemctl start postfix

Actual results:
Nov 06 03:54:53 devel7.s390.bos.redhat.com systemd[1]: Starting Postfix Mail Transport Agent...
Nov 06 03:54:53 devel7.s390.bos.redhat.com postfix[12641]: /usr/libexec/postfix/postfix-script: line 127: /dev/null: Operation not permitted
Nov 06 03:54:53 devel7.s390.bos.redhat.com postfix/postfix-script[12648]: fatal: the Postfix mail system is already running
Nov 06 03:54:54 devel7.s390.bos.redhat.com systemd[1]: postfix.service: Control process exited, code=exited, status=1/FAILURE
Nov 06 03:54:54 devel7.s390.bos.redhat.com systemd[1]: postfix.service: Failed with result 'exit-code'.
Nov 06 03:54:54 devel7.s390.bos.redhat.com systemd[1]: Failed to start Postfix Mail Transport Agent.


Expected results:
postfix started


Additional info:
This is very similar to bug 1746413 when dbus-broker couldn't be started with SELinux in enforcing mode.
Comment 1 Zbigniew Jędrzejewski-Szmek 2019-11-06 10:55:35 UTC 

*** This bug has been marked as a duplicate of bug 1769148 ***