| From: | "James B(dot) Byrne" <byrnejb(at)harte-lyne(dot)ca> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PG84 and SELinux |
| Date: | 2010-12-01 23:22:00 |
| Message-ID: | 60876.70.50.88.137.1291245720.squirrel@webmail.harte-lyne.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, December 1, 2010 16:54, Tom Lane wrote:
>> Whatever was the cause of the ssl problem I also encountered a
>> surprising number of SELinux violations. The following details
>> the
>> SELinux settings that I ultimately had to apply as a local module.
>> This took a considerable period of time as each had to be
>> triggered
>> in turn in order that the error be identified.
>
>> #============= postgresql_t ==============
>> allow postgresql_t var_lib_t:dir rmdir;
>> allow postgresql_t var_lib_t:file { write getattr link read unlink
>> append };
>
>> Is this to be expected?
>
> AFAIK, the Red Hat RPMs work out-of-the-box with SELinux; I'm a bit
> surprised to hear that the PGDG ones don't, because last I heard
> they use the same file layout. What the above sounds like to me is
> that
> the data directory tree wasn't correctly labeled as postgresql_db_t.
> Maybe a restorecon would have helped?
>
> regards, tom lane
>
I tried a restorecon as suggested by sealert at the first error. It
had no effect insofar as I could determine.
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB(at)Harte-Lyne(dot)ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-12-02 00:15:37 | Re: Cannot start Postgres- FATAL: invalid cache id: 19 |
| Previous Message | Rich Shepard | 2010-12-01 23:01:29 | Re: Proper Permissions for /usr/local/pgsql/data |