Skip site navigation (1) Skip section navigation (2)

Re: cannot access directory /pg_tblspc/*

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Charlie <perezchar(at)gmail(dot)com>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: cannot access directory /pg_tblspc/*
Date: 2006-06-22 16:14:19
Message-ID: 619.1150992859@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-novice
Charlie <perezchar(at)gmail(dot)com> writes:
> Thanks a lot, I disabled security for postgresql service and it's running  
> perfectly now.
> Will you please tell me what was selinux doing that prevented it from  
> working properly? Thanx a lot again!

OK, the problem is probably that SELinux tries to prevent daemon
processes from accessing parts of the filesystem that they're not
supposed to access --- this is so that if someone manages to break into
that service process, the amount of damage they can do using it is
limited.

In the case of postgres, the standard selinux policy says that only 
stuff under /var/lib/pgsql should be accessed during normal operation.
If you want to have a custom tablespace somewhere else, you need to add
that tablespace's directory to the selinux policy entry for postgres.
Messing with selinux policy entries is not something I've ever had to do,
but I think it's not hard if you read the documentation.

The reason it worked after manually restarting the postmaster is
probably that a process launched from a terminal window is not
considered a system daemon and so selinux uses a weaker policy for it.
Did you use /sbin/service to restart the postmaster, or did you do a
manual "pg_ctl start" or some such?  If you used /sbin/service I
would've expected the system-daemon policy to apply still ...

			regards, tom lane

In response to

pgsql-novice by date

Next:From: Garcia, JoshuaDate: 2006-06-22 17:43:03
Subject: Listing Child Tables of a Particular Parent
Previous:From: Richard Broersma JrDate: 2006-06-22 14:41:41
Subject: Re: Doubt in stored procedure

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group