SELinux is preventing /usr/libexec/postfix/bounce from 'lock' accesses on the file /var/spool/postfix/defer/8/81D4FE0DF0. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that bounce should be allowed lock access on the 81D4FE0DF0 file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep bounce /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:postfix_bounce_t:s0 Target Context system_u:object_r:postfix_spool_maildrop_t:s0 Target Objects /var/spool/postfix/defer/8/81D4FE0DF0 [ file ] Source bounce Source Path /usr/libexec/postfix/bounce Port <Unknown> Host (removed) Source RPM Packages postfix-2.8.4-1.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-38.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 2.6.40.4-5.fc15.x86_64 #1 SMP Tue Aug 30 14:38:32 UTC 2011 x86_64 x86_64 Alert Count 1 First Seen Tue 13 Sep 2011 12:29:54 BST Last Seen Tue 13 Sep 2011 12:29:54 BST Local ID 180f38c9-834a-4bd5-886a-ca8fe6ae056e Raw Audit Messages type=AVC msg=audit(1315913394.189:1046): avc: denied { lock } for pid=2438 comm="bounce" path="/var/spool/postfix/defer/8/81D4FE0DF0" dev=dm-1 ino=921074 scontext=system_u:system_r:postfix_bounce_t:s0 tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=file type=SYSCALL msg=audit(1315913394.189:1046): arch=x86_64 syscall=flock success=yes exit=0 a0=d a1=6 a2=6 a3=fffffffffffffff0 items=0 ppid=1492 pid=2438 auid=4294967295 uid=89 gid=89 euid=89 suid=89 fsuid=89 egid=89 sgid=89 fsgid=89 tty=(none) ses=4294967295 comm=bounce exe=/usr/libexec/postfix/bounce subj=system_u:system_r:postfix_bounce_t:s0 key=(null) Hash: bounce,postfix_bounce_t,postfix_spool_maildrop_t,file,lock audit2allow #============= postfix_bounce_t ============== allow postfix_bounce_t postfix_spool_maildrop_t:file lock; audit2allow -R #============= postfix_bounce_t ============== allow postfix_bounce_t postfix_spool_maildrop_t:file lock;
Are you getting only this AVC? What does grep postfix_bounce_t /var/log/audit/audit.log
selinux-policy-3.9.16-48.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/selinux-policy-3.9.16-48.fc15
Package selinux-policy-3.9.16-48.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.9.16-48.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2011-16023/selinux-policy-3.9.16-48.fc15 then log in and leave karma (feedback).
selinux-policy-3.9.16-48.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.