Re: Postfix socket error

James B. Byrne Tue, 09 Dec 2014 13:53:07 -0800

On Tue, December 9, 2014 15:49, Viktor Dukhovni wrote:
> On Tue, Dec 09, 2014 at 03:39:29PM -0500, James B. Byrne wrote:
>
>> Dec  9 15:12:08 inet08 postfix/smtp[3670]: fatal: shared lock
>> active/0A7EC60D8A: Resource temporarily unavailable
>> [...]
>> Dec  9 15:12:08 inet08 postfix/smtp[3758]: fatal: shared lock
>> active/8DD5060F81: Resource temporarily unavailable
>> [...]
>
> The errors are right there.  The smtp delivery agent fails because
> you've run out of kernel resources,


I wonder if this might have some bearing on the issue:

Dec  9 15:12:15 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from lock access on the file
/var/spool/postfix/active/0A7EC60D8A. For complete SELinux messages. run
sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7
Dec  9 15:12:15 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from lock access on the file
/var/spool/postfix/active/8DD5060F81. For complete SELinux messages. run
sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7

Sigh.

Thank you for pointing me in the right direction.  We had a policy update this
morning.  I will check and see if that did something.



sealert -l 92969cc6-4d13-43ad-b39a-5ad0bbf2a4c7
SELinux is preventing /usr/libexec/postfix/smtp from lock access on the file
/var/spool/postfix/active/9934A60C7D.

*****  Plugin restorecon (99.5 confidence) suggests  *************************

If you want to fix the label.
/var/spool/postfix/active/9934A60C7D default label should be postfix_spool_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/spool/postfix/active/9934A60C7D

*****  Plugin catchall (1.49 confidence) suggests  ***************************

If you believe that smtp should be allowed lock access on the 9934A60C7D file
by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep smtp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

Re: Postfix socket error

Reply via email to