Charlie <perezchar(at)gmail(dot)com> writes:
> Thanks a lot, I disabled security for postgresql service and it's running
> perfectly now.
> Will you please tell me what was selinux doing that prevented it from
> working properly? Thanx a lot again!
OK, the problem is probably that SELinux tries to prevent daemon
processes from accessing parts of the filesystem that they're not
supposed to access --- this is so that if someone manages to break into
that service process, the amount of damage they can do using it is
In the case of postgres, the standard selinux policy says that only
stuff under /var/lib/pgsql should be accessed during normal operation.
If you want to have a custom tablespace somewhere else, you need to add
that tablespace's directory to the selinux policy entry for postgres.
Messing with selinux policy entries is not something I've ever had to do,
but I think it's not hard if you read the documentation.
The reason it worked after manually restarting the postmaster is
probably that a process launched from a terminal window is not
considered a system daemon and so selinux uses a weaker policy for it.
Did you use /sbin/service to restart the postmaster, or did you do a
manual "pg_ctl start" or some such? If you used /sbin/service I
would've expected the system-daemon policy to apply still ...
regards, tom lane
In response to
pgsql-novice by date
|Next:||From: Garcia, Joshua||Date: 2006-06-22 17:43:03|
|Subject: Listing Child Tables of a Particular Parent|
|Previous:||From: Richard Broersma Jr||Date: 2006-06-22 14:41:41|
|Subject: Re: Doubt in stored procedure|