Description of problem:
postgrey is denied access to its own db-files because they are labeled as postfix_spool_t

Version-Release number of selected component (if applicable):
postfix-2.4.5-2.fc8
postgrey-1.30-1.fc8
selinux-policy-targeted-3.0.8-62.fc8

How reproducible:
install postfix+postgrey, configure postfix to use postgrey-service

Steps to Reproduce:
1. install postfix, postgrey
2. configure postfix to actually use postgrey
3. postgrey will be unable to access its db-files (spool)

Actual results:
avc: denied { read } for comm=postgrey dev=dm-2 path=/var/spool/postfix/postgrey/postgrey.db pid=2945 scontext=system_u:system_r:postgrey_t:s0 tclass=file tcontext=system_u:object_r:postfix_spool_t:s0

Expected results:
no error/warning

Additional info:

You can allow this for now by executing

# audit2allow -M mypol -i /var/log/audit/audit.log
# semodule -i mypol.pp

Fixed in selinux-policy-3.0.8-66.fc8

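
Because audit2allow -i reads the whole audit.log, every denial logged there ends up in the generated module, so it is worth seeing which allow rules the denials map to before loading it. The following is an added example, not part of the bug thread and not audit2allow's own code: a small parser that turns AVC denials into allow rules and can restrict them to one source domain. The first sample line is the denial from the report; the other two lines and the exampled_t domain are constructed.

```python
import re
from collections import defaultdict

# Line 1 is the denial quoted in the report. Lines 2 and 3 are constructed
# to show grouping and what an unfiltered whole-log run would also pick up.
SAMPLE_LOG = """\
avc: denied { read } for comm=postgrey dev=dm-2 path=/var/spool/postfix/postgrey/postgrey.db pid=2945 scontext=system_u:system_r:postgrey_t:s0 tclass=file tcontext=system_u:object_r:postfix_spool_t:s0
avc: denied { write } for comm=postgrey dev=dm-2 path=/var/spool/postfix/postgrey/postgrey.db pid=2945 scontext=system_u:system_r:postgrey_t:s0 tclass=file tcontext=system_u:object_r:postfix_spool_t:s0
avc: denied { getattr } for comm=exampled dev=dm-0 path=/etc/example.conf pid=4242 scontext=system_u:system_r:exampled_t:s0 tclass=file tcontext=system_u:object_r:etc_t:s0
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # values may be quoted in audit.log

def parse_denials(log_text):
    """Return one dict per AVC denial: perms, source/target type, class, path."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated record, nothing to build a rule from
        denials.append({
            "perms": m.group(1).split(),
            "source": fields["scontext"].split(":")[2],  # user:role:type[:level]
            "target": fields["tcontext"].split(":")[2],
            "tclass": fields["tclass"],
            "path": fields.get("path", ""),
        })
    return denials

def allow_rules(log_text, source_type=None):
    """Group denials into allow rules, optionally for one source domain only."""
    grouped = defaultdict(set)
    for d in parse_denials(log_text):
        if source_type and d["source"] != source_type:
            continue
        grouped[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE_LOG, source_type="postgrey_t")))
```

Run without source_type, the constructed exampled_t denial also becomes a rule, which is the kind of unrelated grant a review of the generated module should catch.
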
Bulk closing old selinux policy bugs that were in the modified state. If the bug is still not fixed, please reopen.