Description of problem:

postfix/pickup[4377]: warning: maildrop/A551FC9571B: Permission denied
postfix/pickup[4377]: warning: maildrop/F02C2C958CB: Permission denied
postfix/pickup[4377]: warning: maildrop/2FFACC95788: Permission denied
postfix/pickup[4377]: warning: maildrop/30117C958CA: Permission denied
postfix/pickup[4377]: warning: maildrop/30062C958C4: Permission denied
postfix/pickup[4377]: warning: maildrop/2FFD7C95867: Permission denied
postfix/pickup[4377]: warning: open input file maildrop/A551FC9571B: cannot open file: Permission denied
postfix/pickup[4377]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/A551FC9571B
postfix/pickup[4377]: warning: open input file maildrop/F02C2C958CB: cannot open file: Permission denied
postfix/pickup[4377]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/F02C2C958CB
postfix/pickup[4377]: warning: open input file maildrop/2FFACC95788: cannot open file: Permission denied
postfix/pickup[4377]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/2FFACC95788
postfix/pickup[4377]: warning: open input file maildrop/30117C958CA: cannot open file: Permission denied
postfix/pickup[4377]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/30117C958CA
postfix/pickup[4377]: warning: open input file maildrop/30062C958C4: cannot open file: Permission denied
postfix/pickup[4377]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/30062C958C4
postfix/pickup[4377]: warning: open input file maildrop/2FFD7C95867: cannot open file: Permission denied
postfix/pickup[4377]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/2FFD7C95867
postfix/smtpd[4532]: connect from int-fw.hq.stgt.etes.de[127.0.0.1]

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.6-106

How reproducible:
Every time a mail gets temporarily queued by postfix and shall be requeued for delivery, e.g. via postsuper -r ALL.

Actual results:
Temporarily queued mails in postfix can't be delivered :-(

Expected results:
Working stuff as without SELinux...

Additional info:
This solves the problem for me:

allow postfix_pickup_t postfix_spool_t:file { read getattr unlink };

as per following log infos:

type=AVC msg=audit(1204117213.700:33094): avc: denied { getattr } for pid=4377 comm="pickup" path="/var/spool/postfix/maildrop/A551FC9571B" dev=sda2 ino=13195035 scontext=user_u:system_r:postfix_pickup_t:s0 tcontext=user_u:object_r:postfix_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1204117213.700:33094): arch=c000003e syscall=6 success=no exit=-13 a0=555564f943e0 a1=7ffffc7cd888 a2=7ffffc7cd888 a3=0 items=0 ppid=4375 pid=4377 auid=1005 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) comm="pickup" exe="/usr/libexec/postfix/pickup" subj=user_u:system_r:postfix_pickup_t:s0 key=(null)
type=AVC msg=audit(1204117513.313:33141): avc: denied { read } for pid=4377 comm="pickup" name="A551FC9571B" dev=sda2 ino=13195035 scontext=user_u:system_r:postfix_pickup_t:s0 tcontext=user_u:object_r:postfix_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1204117513.313:33141): arch=c000003e syscall=2 success=no exit=-13 a0=555564f94570 a1=800 a2=0 a3=0 items=0 ppid=4375 pid=4377 auid=1005 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) comm="pickup" exe="/usr/libexec/postfix/pickup" subj=user_u:system_r:postfix_pickup_t:s0 key=(null)
type=AVC msg=audit(1204117813.774:33182): avc: denied { unlink } for pid=4377 comm="pickup" name="A551FC9571B" dev=sda2 ino=13195035 scontext=user_u:system_r:postfix_pickup_t:s0 tcontext=user_u:object_r:postfix_spool_t:s0 tclass=file
type=SYSCALL msg=audit(1204117813.774:33182): arch=c000003e syscall=87 success=no exit=-13 a0=555564f94570 a1=555564f94bf0 a2=555564f946a0 a3=0 items=0 ppid=4375 pid=4377 auid=1005 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) comm="pickup" exe="/usr/libexec/postfix/pickup" subj=user_u:system_r:postfix_pickup_t:s0 key=(null)
restorecon -R -v /var/spool/postfix/maildrop

Should fix. Not sure how this is getting mislabeled. Is there something deleting and recreating this directory?
It was just a normal installation with sendmail. Removed sendmail and installed postfix. Not more and not less.
Did the restorecon fix the labeling? If not, could you try the policy on http://people.redhat.com/dwalsh/SELinux/RHEL5
This is a preview of the U2 policy.
restorecon -R -v /var/spool/postfix/maildrop caused no output and return code is zero. AFAIK relabeling (if any is done) causes output.
Ok try the U2 policy, this must have been fixed post u1.

Fixed in selinux-policy-2.4.6-122.el5
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0465.html