On Thu, 19 May 2005 07:42:02 -0400
Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

> Richard E Miles wrote:
>
> >On Wed, 18 May 2005 09:44:28 -0400
> >Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> >
> >>Richard E Miles wrote:
> >>
> >>>I have been trying to start up the postgresql postmaster server to a database
> >>>which have all failed. The following are a list of avc: denied messages from
> >>>/var/log/messages:
> >>>
> >>>May 13 13:20:32 localhost kernel: audit(1116015632.155:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
> >>>May 13 13:20:32 localhost last message repeated 7 times
> >>>May 13 13:20:32 localhost kernel: audit(1116015632.156:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
> >>>May 13 13:20:32 localhost last message repeated 3 times
> >>>May 13 13:20:32 localhost kernel: audit(1116015632.157:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
> >>>May 13 13:20:32 localhost last message repeated 32 times
> >>>May 13 13:20:32 localhost kernel: audit(1116015632.158:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
> >>>May 13 13:20:32 localhost last message repeated 34 times
> >>>May 13 13:20:32 localhost kernel: audit(1116015632.159:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
> >>>
> >>>Why am I getting write denials? I am running FC3 with targeted policy.
> >>>
> >>What file is pgdb?
> >>
> >>Dan
> >>
> >
> >pgdb is a directory containing the postgresql database. It is in /usr/local
> >and has my file permissions. ie:
> >
> >[rmiles@localhost ~]$ ls -l /usr/local/pgdb
> >total 76
> >drwx------ 5 rmiles rmiles 4096 Dec 18 15:05 base
> >drwx------ 2 rmiles rmiles 4096 Jan 13 18:13 global
> >drwx------ 2 rmiles rmiles 4096 Dec 18 14:27 pg_clog
> >-rw------- 1 rmiles rmiles 3396 Dec 18 14:27 pg_hba.conf
> >-rw------- 1 rmiles rmiles 1441 Dec 18 14:27 pg_ident.conf
> >-rw------- 1 rmiles rmiles 4 Dec 18 14:27 PG_VERSION
> >drwx------ 2 rmiles rmiles 4096 Dec 18 14:27 pg_xlog
> >-rw------- 1 rmiles rmiles 7821 Dec 18 14:27 postgresql.conf
> >-rw------- 1 rmiles rmiles 43 Jan 13 17:18 postmaster.opts
> >
> >Prior to enabling targeted policy I could start the server using
> >postmaster -D /usr/local/pgdb. With the targeted policy enabled I get the
> >denial messages.
> >
> chcon -R system_u:object_r:postgresql_db_t /usr/local/pgdb
>
> Should fix.
>
> You might want to add
> /usr/local/pgdb(/.*)? system_u:object_r:postgresql_db_t
>
> to
>
> /etc/selinux/targeted/contexts/files/file_contexts.local
>

Thanks Dan. That fixed the problem. Will I have to make these changes when FC4
is released?

--
Richard E Miles
Federal Way WA. USA
registered linux user 46097
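
For triaging denials like the ones quoted in this thread, here is an added example (not part of the original messages) that parses the AVC lines, credits syslog's "last message repeated N times" lines to the preceding denial, and reports the source and target types. The function names are illustrative, and the sample input is abridged from the log excerpt quoted above.

```python
import re
from collections import Counter

# Abridged from the log excerpt quoted in the thread (first two denials and their repeat lines).
SAMPLE = """\
May 13 13:20:32 localhost kernel: audit(1116015632.155:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
May 13 13:20:32 localhost last message repeated 7 times
May 13 13:20:32 localhost kernel: audit(1116015632.156:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
May 13 13:20:32 localhost last message repeated 3 times
"""

AVC = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other line."""
    m = AVC.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    if not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None
    rec["perms"] = tuple(m.group("perms").split())
    # A context is user:role:type[:level]; type enforcement matches on the type.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def summarize(text):
    """Count denials per (source type, target type, class, perms, name),
    adding each 'last message repeated N times' to the denial before it."""
    counts, last = Counter(), None
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            last = (rec["stype"], rec["ttype"], rec["tclass"], rec["perms"], rec.get("name"))
            counts[last] += 1
        elif last and (m := REPEAT.search(line)):
            counts[last] += int(m.group(1))
        else:
            last = None  # unrelated line: later repeats do not belong to an AVC
    return counts

if __name__ == "__main__":
    for (stype, ttype, tclass, perms, name), n in summarize(SAMPLE).items():
        print(f"{n:4d}x {stype} -> {ttype}:{tclass} {{{' '.join(perms)}}} name={name}")
```

The single summary row, postgresql_t writing to a directory typed usr_t, is the label mismatch that the relabel to postgresql_db_t suggested in the thread addresses.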