> On Mar 24, 2019, at 4:33 PM, Simon Deziel <si...@sdeziel.info> wrote:
>
> I am running postfix (3.3.0-1ubuntu0.2) confined by Apparmor and I
> noticed the tlsproxy process is apparently trying to connect to tlsmgr's
> Unix socket while still running as root.

The premise is false. On all the systems I've used, the "private"
directory belongs to the "$mail_owner" user:

    $ ls -ld /var/spool/postfix/private/
    drwx------ 2 postfix wheel 24 Mar 3 02:49 /var/spool/postfix/private/

and connections to peer services (e.g. to tlsmgr(8)) often happen
after privs are dropped. Some requests may happen before that, but
the directory must be generally readable by $mail_owner.

--
Viktor.