Re: SELinux & Redhat

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jeff - <threshar(at)torgo(dot)978(dot)org>
Cc: pgsql-docs(at)postgresql(dot)org
Subject: Re: SELinux & Redhat
Date: 2005-05-06 15:57:47
Message-ID: 15121.1115395067@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-docs pgsql-performance

Jeff - <threshar(at)torgo(dot)978(dot)org> writes:
> When I run pg_dump w/these settings the following happens running
> pg_dump (.broken is hte original file from the rpm)

> bash-3.00$ /usr/bin/pg_dump.broken planet
> bash-3.00$

Does it work if you direct the output into a file, instead of letting it
come to your terminal (which seems a bit useless anyway)?

I've been bugging dwalsh about the fact that the selinux policy
disallows writes to /dev/tty to things it thinks are daemons;
that seems pretty stupid. But pg_dump isn't a daemon so there's
no reason for it to be restricted this way anyway...

> and what is interesting is it seems only sometimes things get logged
> to syslog about the failure.

Someone told me there's a rate limit on selinux complaints going to
syslog, to keep it from swamping your logs. I suspect there are some
actual bugs there too, because I've noticed cases where an action was
blocked and there wasn't any log message, nor enough activity to
justify a rate limit. Feel free to file a bugzilla report if you can
get a reproducible case.

regards, tom lane

In response to

Responses

Browse pgsql-docs by date

  From Date Subject
Next Message Jeff - 2005-05-06 17:37:49 Re: SELinux & Redhat
Previous Message Jeff - 2005-05-06 15:46:26 Re: SELinux & Redhat

Browse pgsql-performance by date

  From Date Subject
Next Message Jeff - 2005-05-06 17:37:49 Re: SELinux & Redhat
Previous Message Jeff - 2005-05-06 15:46:26 Re: SELinux & Redhat