Package: selinux-policy-default Version: 2:2.20240607-1 Severity: normal Dear Maintainer,
postfix fails to install on a system with SELinux enabled and in enforcing mode, if selecting a preset postfix configuration on install. This is apparently due to postalias being broken/unusable with the default selinux-policy: $ sudo apt install postfix [...] Running newaliases /var/lib/dpkg/info/postfix.postinst: 43: newaliases: Permission denied dpkg: error processing package postfix (--configure): installed postfix package post-installation script subprocess returned error exit status 126 Processing triggers for man-db (2.12.1-2) ... Processing triggers for ufw (0.36.2-6) ... Errors were encountered while processing: postfix Error: Sub-process /usr/bin/dpkg returned an error code (1) $ sudo postalias sudo: unable to execute /usr/sbin/postalias: Permission denied $ sudo newaliases postalias: fatal: open database /etc/aliases.db: Permission denied It seems that some postfix-related file labels are not automatically assigned properly. It also appears that the mail user and various other policies for postfix/postalias are lacking required permissions/configuration. I am able to observe that the /etc/aliases.db file does not get any label assigned upon creation automatically, which leads to it being labelled with unconfined_u:object_r:etc_t instead of unconfined_u:object_r:etc_aliases_t. All of this can be reproduced on both the latest Debian Bookworm or Debian Unstable (tested with selinux-policy-default 2:2.20240607-1 [unstable] and 2:2.20221101-9 [bookworm]): - Set up a clean install - Set up SELinux (https://wiki.debian.org/SELinux/Setup) - Put SELinux in enforcing mode - Try to install the postfix package and select any option except "No configuration" when prompted The policy should be fixed, so that postfix can be installed without any errors related to SELinux and postalias be used again. Best regards.
