Description of problem: postmap dies with the following error: [root@mail-internal postfix]# postmap relaydomains postmap: warning: can't open /proc/net/if_inet6 (Permission denied) - skipping IPv6 configuration [root@mail-internal postfix]# This happens with "inet_protocols = all" so that IPV6 is switched on. Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-279.el5.noarch postfix-2.3.3-2.1.el5_2.i386 How reproducible: Always with ipv6 enabled in postfix Steps to Reproduce: 1. switch on ipv6 in postfix 2. try postmap Actual results: [root@mail-internal postfix]# postmap relaydomains postmap: warning: can't open /proc/net/if_inet6 (Permission denied) - skipping IPv6 configuration [root@mail-internal postfix]# Expected results: Additional info: Workaround: I created a selinux module with audit2allow: module postfixipv6 1.0; require { type postfix_map_t; type proc_net_t; class dir search; class file { read write getattr }; } #============= postfix_map_t ============== allow postfix_map_t proc_net_t:dir search; allow postfix_map_t proc_net_t:file { read getattr };
Miroslav we have kernel_read_network_state(postfix_$1_t) In postfix_domain_template for RHEL6
Fixed in selinux-policy-2.4.6-288.el5
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: When using SELinux in the enforcing mode, the Postfix services were unable to retrieve information about the network state. With this update, the SELinux rules have been updated to allow the required access.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0026.html