From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | "Just Someone" <just(dot)some(at)gmail(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: SELinux strangeness with 8.1.2 and 8.1.3 |
Date: | 2006-03-02 19:02:50 |
Message-ID: | 4540.1141326170@sss.pgh.pa.us |
Lists: | pgsql-general |

"Just Someone" <just(dot)some(at)gmail(dot)com> writes:
> Some more clues that might help you see if there's a real problem, is
> that the /var/lib/pgsql/data/postmaster.pid file is created with a
> SELinux context that's different from the rest. It is created with
> system_u:object_r:file_t while the rest of the files are created with
> root:object_r:postgresql_db_t. And the postmaster (when using runuser)
> fails on accessing it according to the audit log.

Hmm. That seems like a SELinux policy bug. It doesn't happen for me:
the pid file is created with the same context the other files have.

-rw------- postgres postgres root:object_r:postgresql_db_t postmaster.pid

Are you sure that your SELinux policy is up-to-date? Maybe you need to
do a restorecon on the postgres binaries and/or /var/lib/pgsql/data.

> Some more info about the system:
> * FC4 fully updated
> * Postgres 8.1.3 built from the PGDG SRPMs
> * Dual Opteron

I tried it myself on a freshly-updated FC4 x86_64 system, using the current
FC5 SRPMs, and couldn't see a problem. Red Hat's SRPMs are not exactly
like the PGDG ones, but the only difference I can find that looks at all
relevant to SELinux is this one in the init script:

132c134
< [ -x /usr/bin/chcon ] && /usr/bin/chcon -u system_u -r object_r -t postgresql_log_t "$PGLOG"
---
> [ -x /usr/bin/chcon ] && /usr/bin/chcon -t postgresql_log_t "$PGLOG"
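
Review bot: the ">" line (134) passes only -t postgresql_log_t, so chcon leaves the user and role fields of "$PGLOG" as they were when the file was created, whereas the "<" line (132) forces system_u and object_r as well; if the init script is meant to give the log one fixed label, keep the -u/-r options or relabel with restorecon from the policy's file contexts. In both variants the exit status of chcon is not checked on this line, so a failed relabel is not reported; consider emitting a warning when it fails.
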

and that's not about the pid file.

regards, tom lane
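
Added example, not part of the original message: a small shell check for the symptom discussed in this thread, listing entries whose SELinux type differs from the expected one. It assumes the five-column `ls -Z` layout quoted in the message; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Assumption: input lines use
# the five-column `ls -Z` layout quoted above: mode user group context name.

# find_mislabeled EXPECTED_TYPE
# Reads a listing on stdin; prints "name<TAB>context" for every entry whose
# SELinux type (third colon-separated field of the context) is not EXPECTED_TYPE.
find_mislabeled() {
    awk -v want="$1" '
        NF >= 5 {
            ctx = $4
            # The name is everything after the first four columns, so file
            # names that contain spaces survive intact.
            name = $0
            for (i = 1; i <= 4; i++) sub(/^[ \t]*[^ \t]+/, "", name)
            sub(/^[ \t]+/, "", name)
            # Context is user:role:type, optionally followed by an MLS level.
            n = split(ctx, part, ":")
            if (n < 3 || part[3] != want)
                printf "%s\t%s\n", name, ctx
        }'
}

# Constructed sample listing modelled on the contexts reported in the thread.
sample_listing() {
    cat <<'EOF'
-rw-------  postgres postgres root:object_r:postgresql_db_t    PG_VERSION
drwx------  postgres postgres root:object_r:postgresql_db_t    base
-rw-------  postgres postgres root:object_r:postgresql_db_t    postgresql.conf
-rw-------  postgres postgres system_u:object_r:file_t         postmaster.pid
EOF
}

# Report entries that do not carry the database type.
sample_listing | find_mislabeled postgresql_db_t
```

Any entry it reports is a candidate for the restorecon mentioned in the message; on the constructed sample only postmaster.pid is listed.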