Postfix error cannot open file: Permission denied

190 words, 1 minutes.

I’ve been moving email off of Google recently to the excellent service by Hey . But the temporary forwarding solution hit a snag with lots of apparently simple “Permission denied” messages.

postfix/bounce[26281]: fatal: open lock file pid/unix.bounce: cannot open file: Permission denied

Even with my [extremely] rusty tech skills I figured I could fix this one. postfix set-permissions is simple enough. Only, this didn’t fix it. A quick search showed a few promising results — it’s an SELinux problem. Almost every result therefore said setenforce 0 solved it!

That’s not the right answer. SELinux is very useful to have in place for anything connected to the internet, so rather than disable it, I looked into fixing the issue properly. Luckily I’ve been here before , many years ago. So referring to my previous blog post about SELinux, it took me all of 10 minutes to fix.

sesearch -s postfix_bounce_t -t var_run_t -c dir -A
ausearch -m avc --start today | audit2allow -m postfix_pid_write -o postfix_pid_write.te
ausearch -m avc --start today | audit2allow -M postfix_pid_write
semodule -i postfix_pid_write.pp
semodule -l | grep postfix

Problem solved. SELinux still very much in place.