| From: | John R Pierce <pierce(at)hogranch(dot)com> |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #11365: denied apache cgi connect |
| Date: | 2014-09-07 22:22:11 |
| Message-ID: | 540CDA93.1040301@hogranch.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 9/7/2014 9:36 AM, Tom Lane wrote:
> That's not something the PG community can do anything about. If there's a
> bug in the SELinux policy for apache, you need to complain to Red Hat to
> get it fixed.
>
> I suspect though that if you dig a little bit, you will find that this
> case has been foreseen, and there's a SELinux policy boolean that you
> are supposed to set to allow apache processes to do database access.
> A quick browse in the output of "semanage boolean -l" suggests that
> "allow_user_postgresql_connect" might be the right thing, or maybe
> "httpd_can_network_connect_db" ...
the PGDG packagers probably should include some level of database
selinux policy settings. maybe a special RPM that sets the apache
database policy or something.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2014-09-08 04:17:50 | Re: [BUGS] BUG #10823: Better REINDEX syntax. |
| Previous Message | Jeff Janes | 2014-09-07 21:50:56 | Re: BUG #11365: denied apache cgi connect |