type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=

1. type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
2.  
3. type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
4.  
5. Was caused by:
6. Missing type enforcement (TE) allow rule.
7.  
8. You can use audit2allow to generate a loadable module to allow this access.
9.  
10. #============= postfix_postdrop_t ==============
11.  
12. #!!!! The file '/var/spool/postfix/public/pickup' is mislabeled on your system.
13. #!!!! Fix with $ restorecon -R -v /var/spool/postfix/public/pickup
14. allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
15.  
16. # restorecon -R -v /var/spool/postfix/public/pickup
17. # ls -lZ /var/spool/postfix/public/pickup
18. srw-rw-rw-. postfix postfix unconfined_u:object_r:postfix_public_t:s0 /var/spool/postfix/public/pickup
19.  
20. allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
21.  
22. # echo 'type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket'
23. | audit2allow -M local_postfix_pickup
24. # semodule -i local_postfix_pickup.pp
25.  
26. #============= postfix_postdrop_t ==============
27.  
28. #!!!! This avc is allowed in the current policy
29. allow postfix_postdrop_t unconfined_t:unix_stream_socket connectto;
30.  
31. # echo 'type=AVC msg=audit(1533595368.668:140747): avc: denied { connectto } for pid=87400 comm="postdrop" path="/var/spool/postfix/public/pickup" scontext=system_u:system_r:postfix_postdrop_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket'
32. | audit2allow -M local_postfix_pickup
33. # semodule -i local_postfix_pickup.pp