On Sun, 2006-05-28 at 17:13 +0200, Zoltan Boszormenyi wrote: > Hi, > > answering to myself. :-) > > Zoltan Boszormenyi írta: > > So, how can I fix the current situation and include /home1/pgsql in > > the postgresql context/domain? I would like to relabel it to recover > > the context... > > > > BTW the same principle would apply if one would like to create > > another tablespace for postgresql under another mount point... > > After some more RTFM, it would seem simple: > > semanage fcontext -a -t postgresql_db_t '/home1/pgsql/data(/.*)?' > semanage fcontext -a -t postgresql_log_t '/home1/pgsql/pgstartup.log' > fixfiles relabel /home1/pgsql > > But it was not enough. Starting it with "service postgresql start" fails. > I had to modify the rc script, too. I had to replace /var/lib/pgsql with > /home1/pgsql everywhere despite the /var/lib/pgsql -> /home1/pgsql symlink. This will be failing because SELinux is blocking access to reading the symlink. You should find an avc denial for the lnk_file in your logs. > But this is enough for adding another tablespace under e.g. /home1/pgsql2: > > mkdir -p /home1/pgsql2/data > chown -R postgres.postgres /home1/pgsql2 > semanage fcontext -a -t postgresql_db_t '/home1/pgsql2/data(/.*)?' > fixfiles relabel /home1/pgsql2 An easier way is to bind mount /home/pgsql on /var/lib/pgsql etc. and do a restorecon -R on the "new" /var/lib/pgsql. That achieves the same effect without the symlink. Paul.
