SELinux is preventing Postfix and Polkit processes from access on the directory /proc/<pid>/stat.

Solution Verified - Updated -

Issue

  • Seeing SELinux denial messages like these:

    SELinux is preventing /usr/libexec/postfix/qmgr from open , search access on the directory /proc/<pid>/stat.
SELinux is preventing /usr/libexec/postfix/pickup from open , search access on the directory /proc/<pid>/stat.
SELinux is preventing pkla-check-auth from search access on /proc/<pid>/stat.

    type=AVC avc:  denied  { search } for  pid=361 comm="qmgr" name="12345" dev="proc" ino=12345678 scontext=system_u:system_r:postfix_qmgr_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir permissive=0

type=AVC avc:  denied  { open } for  pid=361 comm="qmgr" path="/proc/12345/stat" dev="proc" ino=321654 scontext=system_u:system_r:postfix_qmgr_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file permissive=0

type=AVC avc:  denied  { search } for  pid=360 comm="pickup" name="12345" dev="proc" ino=12345678 scontext=system_u:system_r:postfix_pickup_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=dir permissive=0

type=AVC avc:  denied  { open } for  pid=360 comm="pickup" path="/proc/12345/stat" dev="proc" ino=321654 scontext=system_u:system_r:postfix_pickup_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=file permissive=0

Environment

  • Red Hat Enterprise Linux 7 and later
    • Centrify (3rd party)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content