postfix uses in its systemd service-unit the following lines:

ProtectSystem=full
ReadWritePaths=-/etc/mail/aliases.db

Since ReadWritePaths was introduced in systemd-231 this will prevent postalias from writing to aliases.db. systemd > 226-r2 is masked ~x86 right now. Using 'ProtectSystem=true' will work, since /etc is not affected then.

logfile:

Mär 16 11:43:49 colin systemd[1]: Reloading.
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/amavisd.service:19] Unknown lvalue 'MemoryDeny
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:15] Unknown lvalue 'ReadWriteP
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:17] Unknown lvalue 'MemoryDeny
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:18] Unknown lvalue 'ProtectKer
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:19] Unknown lvalue 'ProtectKer
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:20] Unknown lvalue 'ProtectCon
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:22] Unknown lvalue 'RestrictNa
Mär 16 11:43:49 colin systemd[1]: [/usr/lib/systemd/system/postfix.service:23] Unknown lvalue 'RestrictRe
Mär 16 11:43:49 colin systemd[1]: [/etc/systemd/system/postfix.service.d/unhardening.conf:3] Failed to pa
Mär 16 11:43:52 colin systemd[1]: Stopping Postfix Mail Transport Agent...
Mär 16 11:43:52 colin postfix/postfix-script[22637]: stopping the Postfix mail system
Mär 16 11:43:52 colin postfix/master[22562]: terminating on signal 15
Mär 16 11:43:52 colin postfix/postfix-script[22640]: waiting for the Postfix mail system to terminate
Mär 16 11:43:53 colin systemd[1]: Stopped Postfix Mail Transport Agent.
Mär 16 11:43:53 colin systemd[1]: Starting Postfix Mail Transport Agent...
Mär 16 11:43:53 colin postfix/postalias[22644]: fatal: open /etc/mail/aliases.db: Read-only file system
Mär 16 11:43:53 colin newaliases[22644]: postalias: fatal: open /etc/mail/aliases.db: Read-only file syst
Mär 16 11:43:54 colin postfix/postfix-script[22723]: starting the Postfix mail system
I can confirm this. But all this does is give a non-fatal "fatal" error in the logs at the moment. However, why run newaliases on each run to begin with? Aliases don't normally change that often and it's standard practice to run newaliases manually once you change the aliases file, no?
You're right about newaliases. My aliases file has not changed since 2011. But running newaliases automatically at postfix start will prevent you from forgetting to run it after changing the aliases file. I would vote for the automatic run. Having to run some command manually to make your changes work after editing files in /etc is at least not intuitive Linux behaviour. With 'ExecStartPre=-/usr/bin/newaliases' in the systemd unit it is automated and that way intuitive in my eyes. After all, the systemd unit brings in the newaliases-line which is not compatible with systemd <231 in conjunction with ReadWritePaths and ProtectSystem=full.
The problem as it appears on my end is that ReadWritePaths expects /etc/mail/aliases.db to exist. Depending on the database used, the name of this file may be different. From the ebuild:

> ...
> # do not assume berkdb
> if [[ ! -e /etc/mail/aliases.db \
> && ! -e /etc/mail/aliases.cdb \
> && ! -e /etc/mail/aliases.lmdb ]] ; then
> ...

If the line in the service file

> ReadWritePaths=-/etc/mail/aliases.db

is changed to

> ReadWritePaths=-/etc/mail/aliases.db -/etc/mail/aliases.cdb -/etc/mail/aliases.lmdb

then the issue appears resolved.
(In reply to Peter Levine from comment #3)
> > ReadWritePaths=-/etc/mail/aliases.db -/etc/mail/aliases.cdb -/etc/mail/aliases.lmdb

Thanks for the reminder. Should be fixed with 17d3ba5e.

Closing as newaliases is run via the unit file.
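An added example, not part of the bug thread or of the Gentoo unit file: a small journal check for the failure mode reported above, where an older systemd ignores `ReadWritePaths=` as an unknown lvalue while `ProtectSystem=full` still applies, so writes under /etc fail. The sample lines are constructed in the format of the report's log excerpt, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the report's journal excerpt. The last
# systemd line is cut short on purpose, as the lines in the report are.
SAMPLE_JOURNAL = """\
Mar 16 11:43:49 host systemd[1]: [/usr/lib/systemd/system/postfix.service:15] Unknown lvalue 'ReadWritePaths' in section 'Service'
Mar 16 11:43:49 host systemd[1]: [/usr/lib/systemd/system/postfix.service:17] Unknown lvalue 'MemoryDenyWriteExecute' in section 'Service'
Mar 16 11:43:49 host systemd[1]: [/usr/lib/systemd/system/amavisd.service:19] Unknown lvalue 'MemoryDeny
Mar 16 11:43:53 host postfix/postalias[22644]: fatal: open /etc/mail/aliases.db: Read-only file system
"""

# "[unit-file:line] Unknown lvalue 'Name"; the closing quote may be truncated.
UNKNOWN = re.compile(
    r"\[(?P<unit>/[^\]:]+):(?P<line>\d+)\] Unknown lvalue '(?P<name>[A-Za-z]+)")
# "prog[pid]: fatal: open PATH: Read-only file system"
EROFS = re.compile(
    r"(?P<prog>[\w/.-]+)\[\d+\]: fatal: open (?P<path>\S+): Read-only file system")


def ignored_directives(journal):
    """Map unit file -> [(line number, directive name or prefix)] systemd ignored."""
    found = defaultdict(list)
    for entry in journal.splitlines():
        m = UNKNOWN.search(entry)
        if m:
            found[m["unit"]].append((int(m["line"]), m["name"]))
    return dict(found)


def readonly_failures(journal):
    """Return (program, path) for every open() refused by a read-only mount."""
    return [(m["prog"], m["path"]) for m in EROFS.finditer(journal)]


def lost_write_exception(journal):
    """Units whose ReadWritePaths= was ignored, so the intended write exception
    to ProtectSystem=full never took effect. A truncated name counts once it is
    at least 'ReadWriteP', which rules out ReadWriteDirectories."""
    minimum = len("ReadWriteP")
    return sorted(
        unit for unit, items in ignored_directives(journal).items()
        if any(len(name) >= minimum and "ReadWritePaths".startswith(name)
               for _, name in items))
```

Feeding it the output of `journalctl -b` as one string gives the same three views for a live host: every ignored directive per unit file, every read-only open failure, and the units where the two are likely related.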