Re: postfix_smtp_t

Hi Dan, I got something like: type=SYSCALL msg=audit(1248337552.277:51): arch=40000003 syscall=5 success=yes exit=9 a0=2590dd8 a1=8000 a2=0 a3=0 items=0 ppid=3929 pid=3934 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="smtp" exe="/usr/libexec/postfix/smtp" subj=unconfined_u:system_r:postfix_smtp_t:s0 key=(null) type=AVC msg=audit(1248337552.277:52): avc: denied { lock } for pid=3934 comm="smtp" path="/home/choeger/cert/sasl_passwd.db" dev=dm-1 ino=2976113 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file (that's just a simple example) Basically postfix_smtp_t and user_home_t do not play nice - which is not a big surprise since that is what confinement is all about, but I wish there would be a way to handle that use case.