Trying to restart postfix installed from yum. Restart fails, I get:
type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for pid=31624 comm="master" name="defer" dev="dm-0" ino=981632 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file
I guess it needs to remove the /var/spool/postfix/defer socket file.
audit2allow says this will fix it:
allow postfix_master_t postfix_spool_maildrop_t:sock_file unlink;
But how do I add this permission to the existing Postfix SELinux policy??? Why was it missing???
By the way, I also had AVCs when I tried to add another instance of Postfix smtpd on local port 20025. Very frustrating that there are no docs on how to add a rule for this common change. I don't know if I did the right thing:
semanage port -a -t smtp_port_t -p tcp 20025
Is this the right way? Why isn't this documented somewhere?
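One way to package the rule audit2allow printed as a local policy module, given as an added example that is not part of the original post: the function below parses an AVC denial line and emits the module source that checkmodule and semodule expect. The function names and the module name local_postfix are hypothetical, and the path in the restorecon comment is the poster's guess, not a confirmed location.

```shell
# Added example: turn one AVC denial into local policy module source (.te).
# Function names and the module name "local_postfix" are hypothetical.

# Sample input: the denial quoted in the post.
SAMPLE_AVC='type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for pid=31624 comm="master" name="defer" dev="dm-0" ino=981632 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file'

# avc_type LINE KEY: print the type (third field) of the scontext= or tcontext= label.
avc_type() {
  printf '%s\n' "$1" | sed -n "s/.* $2=[^: ]*:[^: ]*:\([^: ]*\).*/\1/p"
}

# avc_to_te MODULE LINE: print module source granting exactly the denied access.
avc_to_te() {
  mod=$1; line=$2
  src=$(avc_type "$line" scontext)
  tgt=$(avc_type "$line" tcontext)
  cls=$(printf '%s\n' "$line" | sed -n 's/.* tclass=\([a-z0-9_]*\).*/\1/p')
  perms=$(printf '%s\n' "$line" | sed -n 's/.*denied *{ \([^}]*\) }.*/\1/p')
  # Emit nothing for a line that is not a complete AVC denial.
  [ -n "$src" ] && [ -n "$tgt" ] && [ -n "$cls" ] && [ -n "$perms" ] || return 1
  # A domain denied access to its own type is written with the "self" keyword.
  req="type $src;"; rule_tgt=$tgt
  if [ "$src" = "$tgt" ]; then rule_tgt=self; else req="$req type $tgt;"; fi
  cat <<EOF
module $mod 1.0;

require {
    $req
    class $cls { $perms };
}

allow $src $rule_tgt:$cls { $perms };
EOF
}

# Print the module source for the sample denial.
avc_to_te local_postfix "$SAMPLE_AVC"

# On the SELinux host, as root (not run here):
#   restorecon -nv /var/spool/postfix/defer   # report a wrong file label first, change nothing
#   avc_to_te local_postfix "$SAMPLE_AVC" > local_postfix.te
#   checkmodule -M -m -o local_postfix.mod local_postfix.te
#   semodule_package -o local_postfix.pp -m local_postfix.mod
#   semodule -i local_postfix.pp              # survives reboots and policy package updates
#   semanage port -l | grep smtp_port_t       # confirm tcp 20025 is listed after the port change
```

A local module keeps the exception separate from the distribution's Postfix policy, so `semodule -r local_postfix` removes it cleanly if the denial turns out to come from a mislabeled file.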