Am 23.01.2017 um 23:44 schrieb Tim Smith: > Thanks for the pointer, will take a look down that route. > > Could you confirm the below is expected behaviour on Centos ? > > # semanage fcontext -a -t my_postfixauth_private_t > "/var/spool/postfix/private(/.*)?" > ValueError: Type my_postfixauth_private_t is invalid, must be a file > or device type Did you define my_postfixauth_private_t yourself? And if so, why? All my sockets inside /var/spool/postfix/private/ have the type postfix_private_t. I don't see why you think a non-standard type would fit. And postfix_private_t gets automatically assigned and a custom fcontext should not be necessary. Alexander