2075571 – Postfix ExecStartPre exception when dealing with SELinux

Bug 2075571 - Postfix ExecStartPre exception when dealing with SELinux

Summary: Postfix ExecStartPre exception when dealing with SELinux

Keywords:
Status:	ON_QA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	postfix
Sub Component:
Version:	CentOS Stream
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Jaroslav Škarvada
QA Contact:	František Hrdina
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-04-14 15:14 UTC by Daniel Juarez
Modified:	2023-08-17 14:15 UTC (History)
CC List:	7 users (show)
Fixed In Version:	postfix-3.5.9-24.el9
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-119008	0	None	None	None	2022-04-14 15:18:06 UTC

Description Daniel Juarez 2022-04-14 15:14:15 UTC

Description of problem:

The comments on https://bugzilla.redhat.com/show_bug.cgi?id=1335997 also describe this issue. On startup, postfix will report the following:

2022-04-12T09:58:20.503458+02:00 mig003.cern.ch systemd[1]: Starting Postfix Mail Transport Agent...
2022-04-12T09:58:20.508915+02:00 mig003.cern.ch systemd[1]: Started Puppet agent.
2022-04-12T09:58:20.514957+02:00 mig003.cern.ch systemd[1]: Starting Dynamic System Tuning Daemon...
2022-04-12T09:58:20.526526+02:00 mig003.cern.ch restorecon[881]: /usr/sbin/restorecon: lstat(/var/spool/postfix/pid/master.pid) failed: No such file or directory

Version-Release number of selected component (if applicable):


How reproducible:

On a freshly installed machine, postfix will report the mentioned exception.

[root@juarezcs9 pid]# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-04-14 17:00:04 CEST; 1min 43s ago
    Process: 5018 ExecStartPre=/usr/sbin/restorecon -R /var/spool/postfix/pid/master.pid (code=exited, status=255/EXCEPTION)
    Process: 5019 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
    Process: 5021 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
    Process: 5022 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
   Main PID: 5090 (master)
      Tasks: 3 (limit: 9919)
     Memory: 3.1M
        CPU: 378ms
     CGroup: /system.slice/postfix.service
             ├─5090 /usr/libexec/postfix/master -w
             ├─5091 pickup -l -t fifo -u
             └─5092 qmgr -l -t fifo -u

Apr 14 17:00:04 juarezcs9.cern.ch systemd[1]: Starting Postfix Mail Transport Agent...
Apr 14 17:00:04 juarezcs9.cern.ch restorecon[5018]: /usr/sbin/restorecon: lstat(/var/spool/postfix/pid/master.pid) failed: No such file or directory
Apr 14 17:00:04 juarezcs9.cern.ch postfix/postfix-script[5088]: starting the Postfix mail system
Apr 14 17:00:04 juarezcs9.cern.ch postfix/master[5090]: daemon started -- version 3.5.9, configuration /etc/postfix
Apr 14 17:00:04 juarezcs9.cern.ch systemd[1]: Started Postfix Mail Transport Agent.


Steps to fix it:
[root@juarezcs9 pid]# ls -Z /var/spool/postfix/pid/
system_u:object_r:postfix_var_run_t:s0 master.pid
[root@juarezcs9 pid]# service postfix stop
Redirecting to /bin/systemctl stop postfix.service
[root@juarezcs9 pid]# ls -Z /var/spool/postfix/pid/
[root@juarezcs9 pid]# postfix start
postfix/postfix-script: starting the Postfix mail system
[root@juarezcs9 pid]# pwd
/var/spool/postfix/pid
[root@juarezcs9 pid]# ls -Zd .
system_u:object_r:var_run_t:s0 .
[root@juarezcs9 pid]# ls -Z /var/spool/postfix/pid/
unconfined_u:object_r:var_run_t:s0 master.pid
[root@juarezcs9 pid]# postfix stop
postfix/postfix-script: stopping the Postfix mail system
[root@juarezcs9 pid]# ls -Z /var/spool/postfix/pid/
unconfined_u:object_r:var_run_t:s0 master.pid
[root@juarezcs9 pid]# service postfix start
Redirecting to /bin/systemctl start postfix.service
[root@juarezcs9 pid]# ls -Z /var/spool/postfix/pid/
unconfined_u:object_r:postfix_var_run_t:s0 master.pid
[root@juarezcs9 pid]# systemctl status postfix
● postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
     Active: active (running) since Thu 2022-04-14 17:03:23 CEST; 6s ago
    Process: 5239 ExecStartPre=/usr/sbin/restorecon -R /var/spool/postfix/pid/master.pid (code=exited, status=0/SUCCESS)
    Process: 5240 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
    Process: 5242 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
    Process: 5243 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
   Main PID: 5311 (master)
      Tasks: 3 (limit: 9919)
     Memory: 3.1M
        CPU: 369ms
     CGroup: /system.slice/postfix.service
             ├─5311 /usr/libexec/postfix/master -w
             ├─5312 pickup -l -t fifo -u
             └─5313 qmgr -l -t fifo -u

Additional info:

It seems as if unless initially started with "postfix start", the systemd unit will report this issue.

Comment 1 Jaroslav Škarvada 2022-04-14 16:46:52 UTC

This should be just cosmetics, because it's conditional ExecStartPre with the "-" prefix, but I will try to silence it.

Comment 2 Jaroslav Škarvada 2022-04-14 16:48:56 UTC

And unless you have /var/spool/postfix on the tmpfs I think the problem should go away after next reboot.

Comment 3 Daniel Juarez 2022-04-19 10:20:57 UTC

(In reply to Jaroslav Škarvada from comment #2)
> And unless you have /var/spool/postfix on the tmpfs I think the problem
> should go away after next reboot.

I rebooted the machine and the exception is still there:

● postfix.service - Postfix Mail Transport Agent
     Loaded: loaded (/usr/lib/systemd/system/postfix.service; enabled; vendor preset: disabled)
     Active: active (running) since Tue 2022-04-19 12:10:57 CEST; 8min ago
    Process: 779 ExecStartPre=/usr/sbin/restorecon -R /var/spool/postfix/pid/master.pid (code=exited, status=255/EXCEPTION)
    Process: 786 ExecStartPre=/usr/libexec/postfix/aliasesdb (code=exited, status=0/SUCCESS)
    Process: 788 ExecStartPre=/usr/libexec/postfix/chroot-update (code=exited, status=0/SUCCESS)
    Process: 789 ExecStart=/usr/sbin/postfix start (code=exited, status=0/SUCCESS)
   Main PID: 921 (master)
      Tasks: 3 (limit: 9919)
     Memory: 7.9M
        CPU: 529ms
     CGroup: /system.slice/postfix.service
             ├─921 /usr/libexec/postfix/master -w
             ├─922 pickup -l -t fifo -u
             └─923 qmgr -l -t fifo -u

Apr 19 12:10:53 juarezcs9.cern.ch systemd[1]: Starting Postfix Mail Transport Agent...
Apr 19 12:10:54 juarezcs9.cern.ch restorecon[779]: /usr/sbin/restorecon: lstat(/var/spool/postfix/pid/master.pid) failed: No such file or directory
Apr 19 12:10:57 juarezcs9.cern.ch postfix/postfix-script[919]: starting the Postfix mail system
Apr 19 12:10:57 juarezcs9.cern.ch postfix/master[921]: daemon started -- version 3.5.9, configuration /etc/postfix
Apr 19 12:10:57 juarezcs9.cern.ch systemd[1]: Started Postfix Mail Transport Agent.

Note You need to log in before you can comment on or make changes to this bug.