Applied policy update. Now I see these occasionally. But by the time I try and see what the matter is the file is gone: /var/log/maillog . . . Dec 9 15:12:08 inet08 postfix/smtp[3670]: fatal: shared lock active/0A7EC60D8A: Resource temporarily unavailable . . . Dec 9 15:12:08 inet08 postfix/smtp[3758]: fatal: shared lock active/8DD5060F81: Resource temporarily unavailable . . . Dec 9 15:12:09 inet08 postfix/qmgr[3198]: warning: private/relay socket: malformed response Dec 9 15:12:09 inet08 postfix/qmgr[3198]: warning: transport relay failure -- see a previous warning/fatal/panic logfile record for the problem description Dec 9 15:12:09 inet08 postfix/master[3195]: warning: process /usr/libexec/postfix/smtp pid 3670 exit status 1 Dec 9 15:12:09 inet08 postfix/qmgr[3198]: warning: private/smtp socket: malformed response Dec 9 15:12:09 inet08 postfix/qmgr[3198]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description Dec 9 15:12:09 inet08 postfix/master[3195]: warning: process /usr/libexec/postfix/smtp pid 3758 exit status 1 . . . /var/log/messages . . . Dec 9 15:12:15 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from lock access on the file /var/spool/postfix/active/8DD5060F81. For complete SELinux messages. run sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7 . . . sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7 SELinux is preventing /usr/libexec/postfix/smtp from lock access on the file /var/spool/postfix/active/9934A60C7D. ***** Plugin restorecon (99.5 confidence) suggests ************************* If you want to fix the label. /var/spool/postfix/active/9934A60C7D default label should be postfix_spool_t. Then you can run restorecon. Do # /sbin/restorecon -v /var/spool/postfix/active/9934A60C7D ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that smtp should be allowed lock access on the 9934A60C7D file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep smtp /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
Am 09.12.2014 um 23:04 schrieb James B. Byrne:> Applied policy update. Now I see these occasionally. But by the time I try and > see what the matter is the file is gone:Why do you start a new thread instead of continuing the old one about the very same topic?> /var/log/maillog > . . . > Dec 9 15:12:08 inet08 postfix/smtp[3670]: fatal: shared lock > active/0A7EC60D8A: Resource temporarily unavailable > . . . > Dec 9 15:12:08 inet08 postfix/smtp[3758]: fatal: shared lock > active/8DD5060F81: Resource temporarily unavailable > . . . > Dec 9 15:12:09 inet08 postfix/qmgr[3198]: warning: private/relay socket: > malformed response > > Dec 9 15:12:09 inet08 postfix/qmgr[3198]: warning: transport relay failure -- > see a previous warning/fatal/panic logfile record for the problem description > > Dec 9 15:12:09 inet08 postfix/master[3195]: warning: process > /usr/libexec/postfix/smtp pid 3670 exit status 1 > > Dec 9 15:12:09 inet08 postfix/qmgr[3198]: warning: private/smtp socket: > malformed response > > Dec 9 15:12:09 inet08 postfix/qmgr[3198]: warning: transport smtp failure -- > see a previous warning/fatal/panic logfile record for the problem description > Dec 9 15:12:09 inet08 postfix/master[3195]: warning: process > /usr/libexec/postfix/smtp pid 3758 exit status 1 > > . . . > > > /var/log/messages > . . . > Dec 9 15:12:15 inet08 setroubleshoot: SELinux is preventing > /usr/libexec/postfix/smtp from lock access on the file > /var/spool/postfix/active/8DD5060F81. For complete SELinux messages. run > sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7 > . . . > > sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7 > SELinux is preventing /usr/libexec/postfix/smtp from lock access on the file > /var/spool/postfix/active/9934A60C7D. > > ***** Plugin restorecon (99.5 confidence) suggests ************************* > > If you want to fix the label. > /var/spool/postfix/active/9934A60C7D default label should be postfix_spool_t. > Then you can run restorecon. > Do > # /sbin/restorecon -v /var/spool/postfix/active/9934A60C7DDid you do that? I recommend you do a full relabeling of your system. You seem to have messed up several things. touch /.autorelabel reboot It will take some time during the boot. Not sure if your qmgr service has the type unix, but that will fail with the official CentOS 6 SELinux policy. The older fifo type works without modifications. But doesn't have to do with your errors shown above.> ***** Plugin catchall (1.49 confidence) suggests *************************** > > If you believe that smtp should be allowed lock access on the 9934A60C7D file > by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep smtp /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.ppAlexander