FC4 last updates kill postfix+postgrey

[Andy Green]

Hi Folks -

Using FC4 postfix with 'postgrey', a greylisting service that
communicates via a unix socket:

# ll -Z /var/spool/postfix/postgrey/socket
srw-rw-rw-  postgrey nobody   root:object_r:postfix_spool_t
/var/spool/postfix/postgrey/socket

After recent updates:

Sep 27 09:25:17 Updated: audit-libs.i386 1.0.4-1.fc4
Sep 27 09:25:31 Updated: audit.x86_64 1.0.4-1.fc4
Sep 27 09:25:34 Updated: selinux-policy-targeted.noarch 1.27.1-2.2
Sep 27 09:25:35 Updated: audit-libs.x86_64 1.0.4-1.fc4

and a reboot, the socket is not available for postfix to open:

Sep 27 14:08:56 siamese postfix/smtpd[13486]: warning: connect to
/var/spool/postfix/postgrey/socket: Permission denied
Sep 27 14:08:56 siamese postfix/smtpd[13486]: warning: problem talking
to server /var/spool/postfix/postgrey/socket: Permission denied

Mail is then getting kicked because of this with, eg:

Sep 27 14:08:57 siamese postfix/smtpd[13486]: NOQUEUE: reject: RCPT from
hormel.redhat.com[209.132.177.30]: 450 Server configuration problem;
from=<fedora-list-bounces at redhat.com> to=<andy at warmcat.com> proto=ESMTP
helo=<hormel.redhat.com>

However there are no avc complaints in /var/log/messages.  Turning off
enforcing (of the targetted mode this is) in system-config-securitylevel
enables mail to work, therefore I deduce it is to do with selinux
despite the lack of complaints.

The socket is live alright as it appears (twice?) on:

# lsof -n | grep postgrey\/socket
postgrey  12989 postgrey    5u     unix 0xffff81007995d800
   77801 /var/spool/postfix/postgrey/socket
postgrey  12989 postgrey    9u     unix 0xffff810005ed3800
   92050 /var/spool/postfix/postgrey/socket

Any advice?

-Andy
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4492 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20050927/b7b0c14c/attachment.bin>