[CentOS] CentOS-6.6 - Selinux and Postfix-2.11.1

Tue Dec 9 22:04:17 UTC 2014
James B. Byrne <byrnejb at harte-lyne.ca>

Applied policy update. Now I see these occasionally. But by the time I try and
see what the matter is the file is gone:


/var/log/maillog
. . .
Dec  9 15:12:08 inet08 postfix/smtp[3670]: fatal: shared lock
active/0A7EC60D8A: Resource temporarily unavailable
. . .
Dec  9 15:12:08 inet08 postfix/smtp[3758]: fatal: shared lock
active/8DD5060F81: Resource temporarily unavailable
. . .
Dec  9 15:12:09 inet08 postfix/qmgr[3198]: warning: private/relay socket:
malformed response

Dec  9 15:12:09 inet08 postfix/qmgr[3198]: warning: transport relay failure --
see a previous warning/fatal/panic logfile record for the problem description

Dec  9 15:12:09 inet08 postfix/master[3195]: warning: process
/usr/libexec/postfix/smtp pid 3670 exit status 1

Dec  9 15:12:09 inet08 postfix/qmgr[3198]: warning: private/smtp socket:
malformed response

Dec  9 15:12:09 inet08 postfix/qmgr[3198]: warning: transport smtp failure --
see a previous warning/fatal/panic logfile record for the problem description
Dec  9 15:12:09 inet08 postfix/master[3195]: warning: process
/usr/libexec/postfix/smtp pid 3758 exit status 1

. . .


/var/log/messages
. . .
Dec  9 15:12:15 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from lock access on the file
/var/spool/postfix/active/8DD5060F81. For complete SELinux messages. run
sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7
. . .

sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7
SELinux is preventing /usr/libexec/postfix/smtp from lock access on the file
/var/spool/postfix/active/9934A60C7D.

*****  Plugin restorecon (99.5 confidence) suggests  *************************

If you want to fix the label.
/var/spool/postfix/active/9934A60C7D default label should be postfix_spool_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/spool/postfix/active/9934A60C7D

*****  Plugin catchall (1.49 confidence) suggests  ***************************

If you believe that smtp should be allowed lock access on the 9934A60C7D file
by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep smtp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp



-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3