Bug
Resolution: Unresolved
Normal
rhel-8.10, rhel-10.1, rhel-9.7
Low
rhel-security-selinux
What were you trying to do that didn't work?
A customer is trying to use postmap to query the aliases database. This fails when being mapped to sysadm_t because there is a transition when executing postmap but no rule in the policy:
$ sudo -r sysadm_r -i
# id -Z
staff_u:sysadm_r:sysadm_t:s0-s0:c0.c1023
# strace -fttTvyy -P /etc/aliases.db -P /etc/aliases --secontext -- postmap -q root hash:/etc/aliases
[postfix_map_t] 14:52:02.494628 openat(AT_FDCWD</root>, "/etc/aliases.db" [etc_aliases_t], O_RDONLY) = -1 EACCES (Permission denied) <0.000139>
postmap: fatal: open database /etc/aliases.db: Permission denied
14:52:03.498216 +++ exited with 1 +++
# sesearch -A -s postfix_map_t -t etc_aliases_t -c file -p open
--> nothing
What is the impact of this issue to you?
Can't perform administrative tasks
Please provide the package NVR for which the bug is seen:
selinux-policy-3.14.3-139.el8_10.1.noarch
selinux-policy-38.1.65-1.el9.noarch
...
selinux-policy-42.14-1.fc42.noarch (Fedora 42)
How reproducible is this bug?
Always, see above.
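For triage of traces like the one in this report, the following added example (not part of the original report or of any Red Hat tooling) parses `strace --secontext` output, picks out open()/openat() calls that failed with EACCES, and builds the matching sesearch query for each source/target type pair. It assumes the target is a regular file, so it uses class `file` and permission `open` as the report's own query does; the function names are hypothetical.

```python
import re
import shlex

# Constructed sample: the three strace output lines quoted in the report above.
SAMPLE = '''\
[postfix_map_t] 14:52:02.494628 openat(AT_FDCWD</root>, "/etc/aliases.db" [etc_aliases_t], O_RDONLY) = -1 EACCES (Permission denied) <0.000139>
postmap: fatal: open database /etc/aliases.db: Permission denied
14:52:03.498216 +++ exited with 1 +++
'''

# Optional "[pid N]" prefix (strace -f with several processes), then
# [source context] timestamp syscall(... "path" [target context] ...) = -1 EACCES
DENIED = re.compile(
    r'^(?:\[pid\s+\d+\]\s+)?\[(?P<source>[^\]]+)\]\s+\S+\s+(?P<syscall>open(?:at)?)\('
    r'.*?"(?P<path>[^"]+)"\s+\[(?P<target>[^\]]+)\]'
    r'.*=\s+-1\s+EACCES\b'
)

def type_of(context):
    """Return the type field; accepts a bare type or user:role:type[:level]."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else parts[0]

def denied_opens(trace):
    """Yield (source_type, target_type, path) for each open that hit EACCES."""
    for line in trace.splitlines():
        m = DENIED.match(line)
        if m:
            yield type_of(m["source"]), type_of(m["target"]), m["path"]

def sesearch_queries(trace):
    """Build one sesearch command per distinct (source, target) pair.
    Assumption: the target is a regular file (class 'file', permission 'open')."""
    seen, out = set(), []
    for source, target, _path in denied_opens(trace):
        if (source, target) not in seen:
            seen.add((source, target))
            argv = ["sesearch", "-A", "-s", source, "-t", target,
                    "-c", "file", "-p", "open"]
            out.append(shlex.join(argv))
    return out

if __name__ == "__main__":
    for cmd in sesearch_queries(SAMPLE):
        print(cmd)
```

An empty result from a generated query means no allow rule covers that access, which is the condition shown in the report.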