Index: policy/modules/services/postfix.te
===================================================================
--- policy/modules/services/postfix.te.orig
+++ policy/modules/services/postfix.te
@@ -286,6 +286,9 @@
 # for .forward - maybe we need a new type for it?
 rw_sock_files_pattern(postfix_local_t, postfix_private_t, postfix_private_t)
 
+# so it can write to the lock file
+mta_rw_spool(postfix_local_t)
+
 allow postfix_local_t postfix_spool_t:file rw_file_perms;
 
 corecmd_exec_shell(postfix_local_t)