Hi,
This seems like it must be a FAQ, but I've looked at a lot of documents and not found a straightforward answer, so I hope it's OK to post it here.
When I was configuring postfix with SASL and TLS, it kept failing. Specifically, one of the daemons couldn't do a write it had to do, even though I had the directory at 777. Here is the error message from maillog:
postfix/tlsmgr[19524]: fatal: tls_prng_exch_open: cannot open PRNG exchange file /var/lib/postfix/prng_exch: Permission denied
OK, so SELinux was preventing the write. All I had to do was issue the right chcon command to open up the directory, like issuing a chmod command.
But I could not figure out what to do. Of course, there are other things I could do: turn off SELinux completely, disable it for the postfix daemon, etc., but it seemed to me that the least invasive way of dealing with it was to just change that one directory, but I couldn't figure out how to do it.
So the first question is, how do I fix that one directory? Here is the output from ls -Z for the directory and the file that gets written to it:
drwxrwxrwx postfix root system_u:object_r:var_lib_t:s0 /var/lib/postfix/
-rw------- postfix postfix unconfined_u:object_r:var_lib_t:s0 prng_exch
And the second question is, how do I sort this stuff out generally? I'll happily read another FAQ or tutorial, but so far every time they get me near this question, the answer is to "change the context to permit the action" which is far too vague, or to use restorecon, which doesn't work in this case.
Thanks.