Bug 1411942 - PrivateDevices=true gives unlabeled /dev/null
Summary: PrivateDevices=true gives unlabeled /dev/null
Status: CLOSED DUPLICATE of bug 1412696
Alias: None
Product: Fedora
Classification: Fedora
Component: systemd
Version: 25
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: systemd-maint
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2017-01-10 19:35 UTC by Laurent Jacquot
Modified: 2017-06-10 17:24 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-06-10 17:24:35 UTC
Type: Bug

Attachments (Terms of Use)

Description Laurent Jacquot 2017-01-10 19:35:20 UTC
upgraded from f24 to f25 and then postfix cannot access /dev/null anymore when setenforce = 1

[root@jack selinux]# systemctl start postfix.service 
Job for postfix.service failed because the control process exited with error code.
[root@jack selinux]#journalctl -xe
janv. 10 20:14:19 jack postfix[11894]: /usr/libexec/postfix/postfix-script: line 122: /dev/null: Permission denied
janv. 10 20:14:20 jack systemd[1]: postfix.service: Control process exited, code=exited status=1
janv. 10 20:14:20 jack systemd[1]: Failed to start Postfix Mail Transport Agent.

[root@jack selinux]# cat /etc/fedora-release 
Fedora release 25 (Twenty Five)
[root@jack selinux]# uname -r

[root@jack selinux]# rpm -qa |grep selinux-policy

[root@jack selinux]# ls -lZ /dev/null
crw-rw-rw-. 1 root root system_u:object_r:null_device_t:s0 1, 3  8 janv. 22:14 /dev/null

but postfix is convinced that /dev/null is unlabeled, and wants me to insert the following semodule 

To my understanding PrivateDevices=true directive in the /usr/lib/systemd/system/postfix.service is to be blamed. If set to false or commented postfix starts.


see #1389863 and #1398007 for more context

Comment 1 Laurent Jacquot 2017-01-20 18:40:52 UTC
same bug at #1412696

Comment 2 Zbigniew Jędrzejewski-Szmek 2017-06-10 17:24:35 UTC

*** This bug has been marked as a duplicate of bug 1412696 ***

Note You need to log in before you can comment on or make changes to this bug.