The binaries of postfix have moved from /usr/lib to /usr/libexec. Their is no rule to label those files. As a result postfix won't work at all. Reproducible: Always Steps to Reproduce: 1. Install sec-policy/selinux-postfix-2.20120215-r15 2. Install mail-mta/postfix-2.9.3 3. Relabel your system, check the labels 4. (Optionnal) Try to run postfix Actual Results: llaZ /usr/libexec/postfix total 8.3M 236K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 236K 2012-08-04 15:04 anvil* 288K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 288K 2012-08-04 15:04 bounce* 408K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 406K 2012-08-04 15:04 cleanup* 260K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 260K 2012-08-04 15:04 discard* 240K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 240K 2012-08-04 15:04 dnsblog* 264K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 264K 2012-08-04 15:04 error* 244K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 244K 2012-08-04 15:04 flush* 456K -rwxr-xr-x. 2 root root system_u:object_r:bin_t 456K 2012-08-04 15:04 lmtp* 360K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 360K 2012-08-04 15:04 local* 28K -rw-r--r--. 1 root root system_u:object_r:bin_t 26K 2012-08-04 15:04 main.cf 176K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 176K 2012-08-04 15:04 master* 8.0K -rw-r--r--. 1 root root system_u:object_r:bin_t 5.6K 2012-08-04 15:04 master.cf 324K -rwxr-xr-x. 2 root root system_u:object_r:bin_t 324K 2012-08-04 15:04 nqmgr* 316K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 316K 2012-08-04 15:04 oqmgr* 248K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 248K 2012-08-04 15:04 pickup* 300K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 300K 2012-08-04 15:04 pipe* 20K -rw-r--r--. 1 root root system_u:object_r:bin_t 19K 2012-08-04 15:04 postfix-files 12K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 8.1K 2012-08-04 15:04 postfix-script* 8.0K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 6.4K 2012-08-04 15:04 postfix-wrapper* 28K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 26K 2012-08-04 15:04 post-install* 12K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 8.3K 2012-08-04 15:04 postmulti-script* 300K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 300K 2012-08-04 15:04 postscreen* 224K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 224K 2012-08-04 15:04 proxymap* 324K -rwxr-xr-x. 2 root root system_u:object_r:bin_t 324K 2012-08-04 15:04 qmgr* 268K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 268K 2012-08-04 15:04 qmqpd* 232K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 232K 2012-08-04 15:04 scache* 252K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 252K 2012-08-04 15:04 showq* 456K -rwxr-xr-x. 2 root root system_u:object_r:bin_t 456K 2012-08-04 15:04 smtp* 556K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 553K 2012-08-04 15:04 smtpd* 236K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 236K 2012-08-04 15:04 spawn* 256K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 256K 2012-08-04 15:04 tlsmgr* 292K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 292K 2012-08-04 15:04 tlsproxy* 256K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 256K 2012-08-04 15:04 trivial-rewrite* 252K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 252K 2012-08-04 15:04 verify* 292K -rwxr-xr-x. 1 root root system_u:object_r:bin_t 292K 2012-08-04 15:04 virtual* Expected Results: llaZ /usr/libexec/postfix total 8.3M 236K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 236K 2012-08-04 15:04 anvil* 288K -rwxr-xr-x. 1 root root system_u:object_r:postfix_bounce_exec_t 288K 2012-08-04 15:04 bounce* 408K -rwxr-xr-x. 1 root root system_u:object_r:postfix_cleanup_exec_t 406K 2012-08-04 15:04 cleanup* 260K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 260K 2012-08-04 15:04 discard* 240K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 240K 2012-08-04 15:04 dnsblog* 264K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 264K 2012-08-04 15:04 error* 244K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 244K 2012-08-04 15:04 flush* 456K -rwxr-xr-x. 2 root root system_u:object_r:postfix_smtp_exec_t 456K 2012-08-04 15:04 lmtp* 360K -rwxr-xr-x. 1 root root system_u:object_r:postfix_local_exec_t 360K 2012-08-04 15:04 local* 28K -rw-r--r--. 1 root root system_u:object_r:postfix_exec_t 26K 2012-08-04 15:04 main.cf 176K -rwxr-xr-x. 1 root root system_u:object_r:postfix_master_exec_t 176K 2012-08-04 15:04 master* 8.0K -rw-r--r--. 1 root root system_u:object_r:postfix_exec_t 5.6K 2012-08-04 15:04 master.cf 324K -rwxr-xr-x. 2 root root system_u:object_r:postfix_qmgr_exec_t 324K 2012-08-04 15:04 nqmgr* 316K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 316K 2012-08-04 15:04 oqmgr* 248K -rwxr-xr-x. 1 root root system_u:object_r:postfix_pickup_exec_t 248K 2012-08-04 15:04 pickup* 300K -rwxr-xr-x. 1 root root system_u:object_r:postfix_pipe_exec_t 300K 2012-08-04 15:04 pipe* 20K -rw-r--r--. 1 root root system_u:object_r:postfix_exec_t 19K 2012-08-04 15:04 postfix-files 12K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 8.1K 2012-08-04 15:04 postfix-script* 8.0K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 6.4K 2012-08-04 15:04 postfix-wrapper* 28K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 26K 2012-08-04 15:04 post-install* 12K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 8.3K 2012-08-04 15:04 postmulti-script* 300K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 300K 2012-08-04 15:04 postscreen* 224K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 224K 2012-08-04 15:04 proxymap* 324K -rwxr-xr-x. 2 root root system_u:object_r:postfix_qmgr_exec_t 324K 2012-08-04 15:04 qmgr* 268K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 268K 2012-08-04 15:04 qmqpd* 232K -rwxr-xr-x. 1 root root system_u:object_r:postfix_smtp_exec_t 232K 2012-08-04 15:04 scache* 252K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 252K 2012-08-04 15:04 showq* 456K -rwxr-xr-x. 2 root root system_u:object_r:postfix_smtp_exec_t 456K 2012-08-04 15:04 smtp* 556K -rwxr-xr-x. 1 root root system_u:object_r:postfix_smtpd_exec_t 553K 2012-08-04 15:04 smtpd* 236K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 236K 2012-08-04 15:04 spawn* 256K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 256K 2012-08-04 15:04 tlsmgr* 292K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 292K 2012-08-04 15:04 tlsproxy* 256K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 256K 2012-08-04 15:04 trivial-rewrite* 252K -rwxr-xr-x. 1 root root system_u:object_r:postfix_exec_t 252K 2012-08-04 15:04 verify* 292K -rwxr-xr-x. 1 root root system_u:object_r:postfix_virtual_exec_t 292K 2012-08-04 15:04 virtual* If you try to launch postfix, the logs will contain errors such as: Aug 4 21:22:10 *** postfix/pickup[12217]: warning: open input file maildrop/********: cannot open file: Permission denied Aug 4 21:22:10 *** postfix/pickup[12217]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/******** Aug 4 21:22:10 *** postfix/pickup[12217]: warning: open input file maildrop/********: cannot open file: Permission denied Aug 4 21:22:10 *** postfix/pickup[12217]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/******** Aug 4 21:22:10 *** postfix/pickup[12217]: warning: open input file maildrop/********: cannot open file: Permission denied Aug 4 21:22:10 *** postfix/pickup[12217]: warning: if this file was created by Postfix < 1.1, then you may have to chmod a+r /var/spool/postfix/maildrop/********
I just checked the postfix.fc contained in both the current policy and the one in the overlay. There is a "ifdef(`distro_redhat'," that changes the rules in order to use the /usr/libexec instead of the /usr/lib. What's strange is that this ifdef also introduces a new line: /usr/libexec/postfix/showq -- gen_context(system_u:object_r:postfix_showq_exec_t,s0)
Will be in rev2
r2 is now in hardened-dev overlay
In main tree, ~arch'ed (rev 5)
stabilized