Summary SELinux is preventing /usr/bin/procmail (procmail_t) "getattr" to /var/spool/postfix (postfix_spool_t). Detailed Description SELinux denied access requested by /usr/bin/procmail. It is not expected that this access is required by /usr/bin/procmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /var/spool/postfix, restorecon -v /var/spool/postfix If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq- fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context user_u:system_r:procmail_t Target Context system_u:object_r:postfix_spool_t Target Objects /var/spool/postfix [ dir ] Affected RPM Packages procmail-3.22-19.fc7 [application]postfix-2.3.6-1 [target] Policy RPM selinux-policy-2.6.4-8.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall_file Host Name io Platform Linux io 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:47:07 EDT 2007 x86_64 x86_64 Alert Count 1 First Seen Sun 03 Jun 2007 01:36:55 PM EDT Last Seen Sun 03 Jun 2007 01:36:55 PM EDT Local ID d51c7e1f-363a-48cb-9d96-f567af758614 Line Numbers Raw Audit Messages avc: denied { getattr } for comm="procmail" dev=sda1 egid=500 euid=500 exe="/usr/bin/procmail" exit=0 fsgid=500 fsuid=500 gid=500 items=0 name="postfix" path="/var/spool/postfix" pid=16121 scontext=user_u:system_r:procmail_t:s0 sgid=500 subj=user_u:system_r:procmail_t:s0 suid=500 tclass=dir tcontext=system_u:object_r:postfix_spool_t:s0 tty=(none) uid=500
i should mention that i configured Postfix to use Procmail with this entry in '/etc/postfix/main.cf': mailbox_command = procmail -a "$EXTENSION" this works fine (with the warning) with SELinux set to 'permissive' mode. i tried relabeling everything, but same problem.
Fixed in selinux-policy-2.6.4-13.fc7
Closing as fixes are in the current release