Your message dated Wed, 28 Jan 2026 00:59:12 +0300
with message-id <[email protected]>
and subject line Re: Bug#1093525: postfix won't start on SE Linux systems after
upgrade from <=3.9.1-4 to >=3.9.1-5
has caused the Debian Bug report #1093525,
regarding postfix won't start on SE Linux systems after upgrade from <=3.9.1-4
to >=3.9.1-5
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1093525: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093525
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: postfix
Version: 3.9.1-10+b1
Severity: normal
The method of updating files in /var/spool/postfix/etc has changed from
version 3.9.1-4 to 3.9.1-5 and the result is that /var/spool/postfix/etc
from previous versions has the type etc_t and the new code runs the cp
command as postfix_master_t which doesn't have permission to write to etc_t.
The solution to this is "rm -rf /var/spool/postfix/etc" as part of the upgrade
process, this means that the new /var/spool/postfix/etc dir will be created
as type postfix_spool_t.
This doesn't require any other SE Linux specific changes, just rm that dir and
everything else works.
-- System Information:
Debian Release: trixie/sid
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.9-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU:en
Shell: /bin/sh linked to /usr/bin/dash
Init: unable to detect
Versions of packages postfix depends on:
ii adduser 3.137
ii debconf [debconf-2.0] 1.5.89
ii init-system-helpers 1.68
ii libc6 2.40-5
ii libdb5.3t64 5.3.28+dfsg2-9
ii libicu72 72.1-6
ii libnsl2 1.3.0-3+b3
ii libsasl2-2 2.1.28+dfsg1-8+b1
ii libssl3t64 3.4.0-2
ii netbase 6.4
Versions of packages postfix recommends:
ii ca-certificates 20241223
ii python3 3.13.1-2
ii ssl-cert 1.1.3
Versions of packages postfix suggests:
ii bsd-mailx [mail-reader] 8.1.2-0.20220412cvs-1
ii geary [mail-reader] 46.0-5
ii kmail [mail-reader] 4:24.12.0-2
ii libsasl2-modules 2.1.28+dfsg1-8+b1
ii mailutils [mail-reader] 1:3.17-2+b4
ii mutt [mail-reader] 2.2.13-1
pn postfix-cdb <none>
pn postfix-doc <none>
pn postfix-ldap <none>
pn postfix-lmdb <none>
pn postfix-mongodb <none>
pn postfix-mta-sts-resolver <none>
pn postfix-mysql <none>
pn postfix-pcre <none>
pn postfix-pgsql <none>
pn postfix-sqlite <none>
ii procmail 3.24+really3.22-4
ii systemd-resolved [resolvconf] 257.2-2
ii thunderbird [mail-reader] 1:128.6.0esr-1
pn ufw <none>
-- Configuration Files:
/etc/init.d/postfix [Errno 13] Permission denied: '/etc/init.d/postfix'
/etc/network/if-down.d/postfix [Errno 13] Permission denied:
'/etc/network/if-down.d/postfix'
/etc/network/if-up.d/postfix [Errno 13] Permission denied:
'/etc/network/if-up.d/postfix'
/etc/postfix/main.cf.proto [Errno 13] Permission denied:
'/etc/postfix/main.cf.proto'
/etc/postfix/master.cf.proto [Errno 13] Permission denied:
'/etc/postfix/master.cf.proto'
/etc/postfix/postfix-files [Errno 13] Permission denied:
'/etc/postfix/postfix-files'
/etc/ppp/ip-down.d/postfix [Errno 13] Permission denied:
'/etc/ppp/ip-down.d/postfix'
/etc/ppp/ip-up.d/postfix [Errno 13] Permission denied:
'/etc/ppp/ip-up.d/postfix'
/etc/rsyslog.d/postfix.conf [Errno 13] Permission denied:
'/etc/rsyslog.d/postfix.conf'
-- debconf-show failed
--- End Message ---
--- Begin Message ---
On Mon, 20 Jan 2025 02:37:34 +1100 Russell Coker <[email protected]> wrote:
> Package: postfix
> Version: 3.9.1-10+b1
> Severity: normal
>
> The method of updating files in /var/spool/postfix/etc has changed from
> version 3.9.1-4 to 3.9.1-5 and the result is that /var/spool/postfix/etc
> from previous versions has the type etc_t and the new code runs the cp
> command as postfix_master_t which doesn't have permission to write to etc_t.

In postfix 3.10.6-4, I stopped chrooting postfix. Minimal support for
chrooting is still provided just for backwards compatibility, but not
for default install anymore.

I'm closing all chroot-related bug reports after this change.

> The solution to this is "rm -rf /var/spool/postfix/etc" as part of the upgrade
> process, this means that the new /var/spool/postfix/etc dir will be created
> as type postfix_spool_t.
> This doesn't require any other SE Linux specific changes, just rm that dir and
> everything else works.

I'm not sure I follow, and it does not look like it is sufficient.

First, besides etc, there are other dirs created there - lib (before),
and now usr/lib/$multiarch too, also user-specific dirs.

And as it turned out, some users actually store their files in there
(in /var/spool/postfix/etc - for example, sasl2 user database is here
as suggested by some guide on the net) -- so I can't just remove etc
subdir in there without removing vital user data.

Hwell..

But hopefully, with no chroot by default, all this is history now.

Thanks,

/mjt
--- End Message ---
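An added example, not part of either message or of the Debian postfix packaging: a read-only audit that reports the SELinux type on the chroot subdirectories named in the thread and counts the files inside them, so a directory still labelled etc_t and any user data stored there are both visible before anything is removed. The function names are hypothetical, and reading the label with `stat -c %C` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (hypothetical helper names). The types etc_t and
# postfix_spool_t are the ones named in the bug report above.

# Extract the type field from a context string "user:role:type[:level]".
selinux_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 3 { print $3 }'
}

# Map a context to what it means for the 3.9.1-5+ update method,
# where cp runs as postfix_master_t.
classify_label() {
    case "$(selinux_type "$1")" in
        etc_t)           echo "blocked" ;;    # postfix_master_t cannot write here
        postfix_spool_t) echo "ok" ;;
        "")              echo "unlabeled" ;;  # no SELinux context available
        *)               echo "review" ;;     # some other type: inspect by hand
    esac
}

# Count regular files under a directory, so user data kept in the chroot
# (for example a SASL database) is noticed before the directory is touched.
count_files() {
    [ -d "$1" ] || { echo 0; return 0; }
    find "$1" -type f | wc -l | tr -d ' '
}

# Report path, context, verdict and file count for each chroot subdirectory.
audit_chroot() {
    root=${1:-/var/spool/postfix}
    for sub in etc lib usr; do
        d="$root/$sub"
        [ -d "$d" ] || continue
        ctx=$(stat -c %C "$d" 2>/dev/null) || ctx=""
        printf '%s\t%s\t%s\tfiles=%s\n' "$d" "${ctx:-none}" \
            "$(classify_label "$ctx")" "$(count_files "$d")"
    done
}

audit_chroot "${1:-/var/spool/postfix}"
```

A "blocked" line with a non-zero file count is the case raised in the reply: the label prevents the update, but the directory may hold data that is not the package's to delete.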