Currently (policy-sources-1.11.3-3), /usr/sbin/sendmail.postfix is marked as system_u:object_r:sendmail_exec_t which causes problems as sendmail.postfix tries to read postfix configs, which sendmail_t is not allowed to do. I do not see any reason why /usr/sbin/sendmail.postfix would need to be sendmail_exec_t; I believe it should be postfix_exec_t instead.
On second thought, there is a reason for /usr/sbin/sendmail.postfix to be system_u:object_r:sendmail_exec_t. Hm, in that case we need to add allow sendmail_t postfix_etc_t:dir { search };
Fixed in selinux-policy-strict-1.13.2-7.src.rpm
I ended up having to allow the following 3 things: allow sendmail_t postfix_spool_t:dir { search }; allow sendmail_t postfix_etc_t:dir { search }; allow sendmail_t postfix_etc_t:file { read };
has the above changes been added to the policy?
I am adding them now. Missed this update.
Closing as these have been marked as modified, for a while. Feel free to reopen if not fixed