Bug 1173895 - Issues managing multiple instance postfix with systemctl commands
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: rc
Target Release: ---
Assignee: Miroslav Grepl
QA Contact: BaseOS QE Security Team
Reported: 2014-12-13 20:18 UTC by jstephen
Modified: 2019-02-15 13:56 UTC (History)
Doc Type: Bug Fix
Last Closed: 2015-04-15 12:49:35 UTC
Description jstephen 2014-12-13 20:18:24 UTC
Description of problem:
SELinux issue attempting to manage postfix using systemctl commands after configuring multiple instances of postfix

Version-Release number of selected component (if applicable):
systemd-208-11.el7_0.5.x86_64
selinux-policy-3.12.1-153.el7_0.12.noarch
postfix-2.10.1-6.el7.x86_64

How reproducible:
Always

Steps to Reproduce:

        1) Configure multiple instances of postfix
        2) Attempt to stop/start/restart postfix with systemctl commands (FAILS)
        3) Check SELinux AVCs
        4) Run restorecon on /var/spool/postfix*
        5) Attempt to stop/start/restart postfix with systemctl commands (FAILS again)
        6) Check different SELinux AVCs

-------------------------------------------------------------

[root@rhel7 ~]# postmulti -e init
[root@rhel7 ~]# postmulti -I postfix-out -G mta -e create

Modified the following in '/etc/postfix-out/master.cf'

    # Replace default "smtp inet" entry with one listening on port 10026.
    #smtp      inet  n       -       n       -       -       smtpd
    127.0.0.1:10026     inet  n       -       n       -       -       smtpd

[root@rhel7 ~]# postmulti -i postfix-out -x postconf -e "master_service_disable =" "authorized_submit_users = root"
[root@rhel7 ~]# postmulti -i postfix-out -e enable
[root@rhel7 ~]# postmulti -i postfix-out -p start
[root@rhel7 ~]# postmulti -l
-               -               y         /etc/postfix
postfix-out     mta             y         /etc/postfix-out

[root@rhel7 ~]# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
   Active: active (running) since Wed 2014-09-10 13:08:05 EDT; 29min ago
 Main PID: 2620 (master)
   CGroup: /system.slice/postfix.service
           ├─2620 /usr/libexec/postfix/master -w
           ├─2624 pickup -l -t unix -u
           └─2625 qmgr -l -t unix -u

Sep 10 13:08:03 rhel7.testing.com systemd[1]: Starting Postfix Mail Transport Agent...
Sep 10 13:08:05 rhel7.testing.com postfix/master[2620]: daemon started -- version 2.10.1, configuration /etc/postfix
Sep 10 13:08:05 rhel7.testing.com systemd[1]: Started Postfix Mail Transport Agent.

[root@rhel7 ~]# systemctl stop postfix

[root@rhel7 ~]# systemctl status postfix
postfix.service - Postfix Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled)
   Active: failed (Result: exit-code) since Wed 2014-09-10 13:38:03 EDT; 1min 5s ago
  Process: 13601 ExecStop=/usr/sbin/postfix stop (code=exited, status=1/FAILURE)
 Main PID: 2620 (code=killed, signal=TERM)

Sep 10 13:08:03 rhel7.testing.com systemd[1]: Starting Postfix Mail Transport Agent...
Sep 10 13:08:05 rhel7.testing.com postfix/master[2620]: daemon started -- version 2.10.1, configuration /etc/postfix
Sep 10 13:08:05 rhel7.testing.com systemd[1]: Started Postfix Mail Transport Agent.
Sep 10 13:37:57 rhel7.testing.com systemd[1]: Stopping Postfix Mail Transport Agent...
Sep 10 13:37:58 rhel7.testing.com postfix[13601]: sed: can't read pid/master.pid: Permission denied
Sep 10 13:37:58 rhel7.testing.com postfix[13601]: kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
Sep 10 13:38:03 rhel7.testing.com postfix[13601]: awk: fatal: cannot open file `pid/master.pid' for reading (Permission denied)
Sep 10 13:38:03 rhel7.testing.com systemd[1]: postfix.service: control process exited, code=exited status=1
Sep 10 13:38:03 rhel7.testing.com systemd[1]: Stopped Postfix Mail Transport Agent.
Sep 10 13:38:03 rhel7.testing.com systemd[1]: Unit postfix.service entered failed state.

AVC's Below:

type=AVC msg=audit(1410370677.995:617): avc:  denied  { write } for  pid=13608 comm="master" name="master.pid" dev="dm-0" ino=52503322 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1410370677.995:617): arch=c000003e syscall=2 success=no exit=-13 a0=7fb6f4d89e00 a1=2 a2=0 a3=0 items=0 ppid=13603 pid=13608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410370678.008:618): avc:  denied  { open } for  pid=13611 comm="sed" path="/var/spool/postfix-out/pid/master.pid" dev="dm-0" ino=52503322 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1410370678.008:618): arch=c000003e syscall=2 success=no exit=-13 a0=7fff39f74d46 a1=0 a2=1b6 a3=7fff39f72d50 items=0 ppid=13603 pid=13611 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="sed" exe="/usr/bin/sed" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410370678.015:619): avc:  denied  { write } for  pid=13613 comm="master" name="master.pid" dev="dm-0" ino=52503322 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1410370678.015:619): arch=c000003e syscall=2 success=no exit=-13 a0=7f4bf35c8e00 a1=2 a2=0 a3=0 items=0 ppid=13603 pid=13613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410370679.060:620): avc:  denied  { write } for  pid=13620 comm="master" name="master.pid" dev="dm-0" ino=52503322 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1410370679.060:620): arch=c000003e syscall=2 success=no exit=-13 a0=7fe495de0e00 a1=2 a2=0 a3=0 items=0 ppid=13603 pid=13620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410370680.094:621): avc:  denied  { write } for  pid=13653 comm="master" name="master.pid" dev="dm-0" ino=52503322 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1410370680.094:621): arch=c000003e syscall=2 success=no exit=-13 a0=7fc979d75e00 a1=2 a2=0 a3=0 items=0 ppid=13603 pid=13653 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410370681.138:622): avc:  denied  { write } for  pid=13671 comm="master" name="master.pid" dev="dm-0" ino=52503322 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1410370681.138:622): arch=c000003e syscall=2 success=no exit=-13 a0=7f1d1f249e00 a1=2 a2=0 a3=0 items=0 ppid=13603 pid=13671 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410370682.183:623): avc:  denied  { write } for  pid=13681 comm="master" name="master.pid" dev="dm-0" ino=52503322 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1410370682.183:623): arch=c000003e syscall=2 success=no exit=-13 a0=7f165a65de00 a1=2 a2=0 a3=0 items=0 ppid=13603 pid=13681 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="master" exe="/usr/libexec/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410370683.236:624): avc:  denied  { open } for  pid=13692 comm="awk" path="/var/spool/postfix-out/pid/master.pid" dev="dm-0" ino=52503322 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1410370683.236:624): arch=c000003e syscall=2 success=no exit=-13 a0=1d7ec80 a1=0 a2=1b6 a3=7fff070b5fa0 items=0 ppid=13603 pid=13692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="awk" exe="/usr/bin/gawk" subj=system_u:system_r:postfix_master_t:s0 key=(null)


-------------------------------------------------------------

[root@rhel7 ~]# ls -lZ /var/spool/postfix*/pid/master.pid
-rw-------. root root unconfined_u:object_r:var_spool_t:s0 /var/spool/postfix-out/pid/master.pid

[root@rhel7 ~]# restorecon -Rv /var/spool/postfix*
restorecon reset /var/spool/postfix-out context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/active context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/bounce context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/corrupt context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/defer context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/deferred context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/flush context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/hold context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/incoming context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/tlsmgr context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/rewrite context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/bounce context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/defer context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/trace context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/verify context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/proxymap context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/proxywrite context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/smtp context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/relay context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/error context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/retry context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/discard context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/local context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/virtual context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/lmtp context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/anvil context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/private/scache context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/maildrop context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/public context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/public/pickup context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/public/cleanup context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/public/qmgr context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/public/flush context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/public/showq context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/pid context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/pid/master.pid context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/saved context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0
restorecon reset /var/spool/postfix-out/trace context unconfined_u:object_r:var_spool_t:s0->unconfined_u:object_r:postfix_spool_t:s0

[root@rhel7 ~]# systemctl restart postfix
Job for postfix.service failed. See 'systemctl status postfix.service' and 'journalctl -xn' for details.

AVC's Below:

type=AVC msg=audit(1410371138.085:634): avc:  denied  { getattr } for  pid=14060 comm="find" path="/var/lib/postfix-out/master.lock" dev="dm-0" ino=37830714 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1410371138.085:634): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=65c628 a2=65c598 a3=100 items=0 ppid=14042 pid=14060 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.085:635): avc:  denied  { getattr } for  pid=14060 comm="find" path="/var/lib/postfix-out/master.lock" dev="dm-0" ino=37830714 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1410371138.085:635): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=65c628 a2=7fffa190c6b0 a3=100 items=0 ppid=14042 pid=14060 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.085:636): avc:  denied  { getattr } for  pid=14060 comm="find" path="/var/lib/postfix-out/master.lock" dev="dm-0" ino=37830714 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=SYSCALL msg=audit(1410371138.085:636): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=65c628 a2=7fffa190c7c0 a3=100 items=0 ppid=14042 pid=14060 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.135:637): avc:  denied  { getattr } for  pid=14069 comm="find" path="/var/spool/postfix-out/private/tlsmgr" dev="dm-0" ino=1923541 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1410371138.135:637): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=1846038 a2=1845fa8 a3=100 items=0 ppid=14042 pid=14069 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.135:638): avc:  denied  { getattr } for  pid=14069 comm="find" path="/var/spool/postfix-out/private/tlsmgr" dev="dm-0" ino=1923541 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1410371138.135:638): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=1846038 a2=7fffd1bd1b20 a3=100 items=0 ppid=14042 pid=14069 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.135:639): avc:  denied  { getattr } for  pid=14069 comm="find" path="/var/spool/postfix-out/private/tlsmgr" dev="dm-0" ino=1923541 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1410371138.135:639): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=1846038 a2=7fffd1bd1c30 a3=100 items=0 ppid=14042 pid=14069 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.135:640): avc:  denied  { getattr } for  pid=14069 comm="find" path="/var/spool/postfix-out/private/tlsmgr" dev="dm-0" ino=1923541 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1410371138.135:640): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=1846038 a2=7fffd1bd1c30 a3=100 items=0 ppid=14042 pid=14069 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.135:641): avc:  denied  { getattr } for  pid=14069 comm="find" path="/var/spool/postfix-out/private/tlsmgr" dev="dm-0" ino=1923541 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1410371138.135:641): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=1846038 a2=7fffd1bd1c30 a3=100 items=0 ppid=14042 pid=14069 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.154:642): avc:  denied  { getattr } for  pid=14069 comm="find" path="/var/spool/postfix-out/private/rewrite" dev="dm-0" ino=1923543 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1410371138.154:642): arch=c000003e syscall=262 success=no exit=-13 a0=5 a1=1846158 a2=18460c8 a3=100 items=0 ppid=14042 pid=14069 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="find" exe="/usr/bin/find" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1410371138.156:643): avc:  denied  { getattr } for  pid=14069 comm="find" path="/var/spool/postfix-out/private/rewrite" dev="dm-0" ino=1923543 scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=sock_file

Comment 2 Simon Sekidde 2014-12-14 02:30:52 UTC
Justin, 

Some labels are incorrect on the new directory.

To run multiple instances of Postfix, one has to create a new (updated) configuration and spool directory, and start them once the correct context has been restored on the newly created directories. The preferred option is to use semanage to set up equivalency in labeling.

 semanage fcontext -a -e /var/spool/postfix /var/spool/postfix-out
 restorecon -Rv /var/spool/postfix-out
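
Added example, not part of the original comments: a shell sketch that condenses AVC denials like the ones in the description and prints the equivalence rule from the comment above for every generically labelled instance directory it finds. The function names, the "stock directory plus suffix" naming convention, and the extension of the rule to `/var/lib/postfix-out` (from the second batch of denials) are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): summarise AVC denials and derive
# fcontext equivalence rules for a secondary Postfix instance.
export LC_ALL=C

# Constructed sample: records abbreviated from the denials quoted in this report.
sample_avcs() {
cat <<'EOF'
type=AVC msg=audit(1410370677.995:617): avc:  denied  { write } for  pid=13608 comm="master" name="master.pid" scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=AVC msg=audit(1410370678.008:618): avc:  denied  { open } for  pid=13611 comm="sed" path="/var/spool/postfix-out/pid/master.pid" scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_spool_t:s0 tclass=file
type=AVC msg=audit(1410371138.085:634): avc:  denied  { getattr } for  pid=14060 comm="find" path="/var/lib/postfix-out/master.lock" scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1410371138.085:635): avc:  denied  { getattr } for  pid=14060 comm="find" path="/var/lib/postfix-out/master.lock" scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1410371138.135:637): avc:  denied  { getattr } for  pid=14069 comm="find" path="/var/spool/postfix-out/private/tlsmgr" scontext=system_u:system_r:postfix_master_t:s0 tcontext=unconfined_u:object_r:postfix_spool_t:s0 tclass=sock_file
EOF
}

# awk helper shared by both functions: value of key=... on the current record.
AWK_FIELD='function field(key,    i, v) {
    for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) {
            v = substr($i, length(key) + 2); gsub(/"/, "", v); return v
        }
    return ""
}'

# Print "count perms tclass target_type target", one line per distinct denial.
avc_summary() {
    awk "$AWK_FIELD"'
    /^type=AVC / && / denied / {
        perm = ""
        for (i = 1; i <= NF; i++)
            if ($i == "{") {
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = (perm == "" ? $j : perm "," $j)
                break
            }
        split(field("tcontext"), ctx, ":")
        target = field("path")
        if (target == "") target = field("name")
        seen[perm " " field("tclass") " " ctx[3] " " target]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# For denials on generically labelled paths (var_spool_t, var_lib_t), print the
# equivalence rule mapping the instance directory onto the stock directory.
# $1 is the instance suffix, e.g. "-out" (assumption: instance = stock + suffix).
# Commands are only printed for review, never executed.
suggest_equivalence() {
    awk -v sfx="$1" "$AWK_FIELD"'
    /^type=AVC / && / denied / {
        split(field("tcontext"), ctx, ":")
        p = field("path")
        if (p == "" || (ctx[3] != "var_spool_t" && ctx[3] != "var_lib_t")) next
        n = split(p, part, "/"); root = ""
        for (i = 2; i <= n; i++) {
            root = root "/" part[i]
            tail = length(part[i]) - length(sfx)
            if (tail > 0 && substr(part[i], tail + 1) == sfx) {
                print substr(root, 1, length(root) - length(sfx)), root
                break
            }
        }
    }' | sort -u | while read -r ref inst; do
        printf 'semanage fcontext -a -e %s %s\n' "$ref" "$inst"
        printf 'restorecon -Rv %s\n' "$inst"
    done
}

sample_avcs | avc_summary
sample_avcs | suggest_equivalence -out
```

On a live system, pipe `ausearch -m avc -ts recent` into either function instead of the sample.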

Comment 3 Miroslav Grepl 2015-04-09 10:52:59 UTC
Is this a default directory?

/var/spool/postfix-out

Comment 4 Miroslav Grepl 2015-04-09 10:54:20 UTC
rpm -qf /var/spool/postfix-out

