http://bugzilla.opensuse.org/show_bug.cgi?id=1197242 Bug ID: 1197242 Summary: server:mail/postfix: postdrop error with enabled SELINUX when sending mail from a systemd service Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: varkoly@suse.com Reporter: opensuse_buildservice@ojkastl.de QA Contact: screening-team-bugs@suse.de Found By: --- Blocker: --- Hi again, part 2 of the SELINUX bugs (the first part is in 1197237). openSUSE MicroOS, postfix installed as "relay" aka using a relayhost. I am using the same configuration on many openSUSE MicroOS machines, but the problem only appears on the one where SELINUX is enabled. ``` Mar 17 16:25:04 deskmini systemd[1]: Starting Send Mail after Reboot... Mar 17 16:25:04 deskmini postfix/postdrop[17873]: fatal: mail_queue_enter: create file maildrop/213654.17873: no permission Mar 17 16:25:05 deskmini bash[17872]: sendmail: warning: command "/usr/sbin/postdrop -r" exited with status 1 Mar 17 16:25:05 deskmini bash[17872]: sendmail: fatal: root(0): unable to execute /usr/sbin/postdrop -r: Application error Mar 17 16:25:05 deskmini postfix/sendmail[17872]: warning: command "/usr/sbin/postdrop -r" exited with status 1 Mar 17 16:25:05 deskmini postfix/sendmail[17872]: fatal: root(0): unable to execute /usr/sbin/postdrop -r: Application error Mar 17 16:25:05 deskmini systemd[1]: mail_after_reboot.service: Main process exited, code=exited, status=1/FAILURE Mar 17 16:25:05 deskmini systemd[1]: mail_after_reboot.service: Failed with result 'exit-code'. Mar 17 16:25:05 deskmini systemd[1]: Failed to start Send Mail after Reboot. ``` I have a custom service that runs after a reboot and sends a mail to root: ``` # /etc/systemd/system/mail_after_reboot.service [Unit] Description=Send Mail after Reboot Requires=postfix.service After=postfix.service [Service] Type=oneshot ExecStart=/bin/bash -c "echo -e \"Mail after reboot, now running: $(uname -a)\" | tee | /usr/bin/mailx -Ssendwait -s \"$HOSTNAME was rebooted on $(date), kernel is now: $(uname -r)\" root" [Install] WantedBy=multi-user.target ``` (The quoting is ugly, but I could not get to run without putting it into a "bash -c" command) For some reason, that service does not want to start anymore with the postdrop errors above. However, I can manually run the same command without the postdrop error: echo -e "Mail after reboot, now running: $(uname -a)" | tee | /usr/bin/mailx -Ssendwait -s "$HOSTNAME was rebooted on $(date), kernel is now: $(uname -r)" root So, this might be something with systemd running this as a special user and postdrop then not having enough permissions or something. And all of that in relation to SELINUX, as this service works fine on other openSUSE MicroOS machines (and on Tumbleweed). I already tried to use mail instead of mailx, but the error is still present when using the service. Maybe you have an idea where I could start looking? Kind Regards, Johannes -- You are receiving this mail because: You are on the CC list for the bug.