Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 612806 - mail-mta/postfix-3.1.2-r2 uses ReadWritePaths, which is introduced in systemd >= 231 only
Summary: mail-mta/postfix-3.1.2-r2 uses ReadWritePaths, which is introduced in systemd...
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Eray Aslan
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-16 11:37 UTC by Christian Holpert
Modified: 2020-10-12 09:54 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Holpert 2017-03-16 11:37:07 UTC
postfix uses in it's systemd service-unit the following lines:

ProtectSystem=full
ReadWritePaths=-/etc/mail/aliases.db

Since ReadWritePaths was introduced in systemd-231 this will prevent postalias from writing to aliases.db.
systemd > 226-r2 is masked ~x86 right now.

Using 'ProtectSystem=true' will work, since /etc is not affected then.

logfile:
Mär 16 11:43:49 colin systemd[1]: Reloading.
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/amavisd.service:19] Unknown lvalue 'MemoryDeny
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:15] Unknown lvalue 'ReadWriteP
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:17] Unknown lvalue 'MemoryDeny
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:18] Unknown lvalue 'ProtectKer
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:19] Unknown lvalue 'ProtectKer
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:20] Unknown lvalue 'ProtectCon
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:22] Unknown lvalue 'RestrictNa
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:23] Unknown lvalue 'RestrictRe
Mär 16 11:43:49 colin systemd[1]: [/etc/systemd/system/postfix.service.d/unhardening.conf:3] Failed to pa
Mär 16 11:43:52 colin systemd[1]: Stopping Postfix Mail Transport Agent...
Mär 16 11:43:52 colin postfix/postfix-script[22637]: stopping the Postfix mail system
Mär 16 11:43:52 colin postfix/master[22562]: terminating on signal 15
Mär 16 11:43:52 colin postfix/postfix-script[22640]: waiting for the Postfix mail system to terminate
Mär 16 11:43:53 colin systemd[1]: Stopped Postfix Mail Transport Agent.
Mär 16 11:43:53 colin systemd[1]: Starting Postfix Mail Transport Agent...
Mär 16 11:43:53 colin postfix/postalias[22644]: fatal: open /etc/mail/aliases.db: Read-only file system
Mär 16 11:43:53 colin newaliases[22644]: postalias: fatal: open /etc/mail/aliases.db: Read-only file syst
Mär 16 11:43:54 colin postfix/postfix-script[22723]: starting the Postfix mail system
Comment 1 Dainius Masiliūnas 2017-03-25 23:25:29 UTC
I can confirm this. But all this does is give a non-fatal "fatal" error in the logs at the moment.

However, why run newaliases on each run to begin with? Aliases don't normally change that often and it's standard practice to run newaliases manually once you change the aliases file, no?
Comment 2 Christian Holpert 2017-03-26 08:25:30 UTC
You're right about newaliases. My aliases file has not changed since 2011. But running newaliases automatically at postfix start will prevent you from forgetting to run it after changing the aliases file.
I would vote for the automatic run. Having to run some command manually to make your changes work after editing files in /etc is at least not intuitive linux behaviour.

With 'ExecStartPre=-/usr/bin/newaliases' in the systemd unit it is automated and that way intuitive in my eyes.

After all the systemd unit brings in the newaliases-line which is not compatible with systemd <231 in conjunction with ReadWritePaths and Protectsystem=full.