Re: Checkpoint request failed, permission denied

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Checkpoint request failed, permission denied
Date: 2009-09-14 16:37:37
Message-ID: 17644.1252946257@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com> writes:
> I think you may be right. There were some audit access denied messages. I
> had SELinux in permissive mode, but its tricky to work with.

> I generated a new SELinux rule using audit2allow, here is what it looks like
> now. Do you think this is adequate?

If you're keeping the PG data directory in the standard place
(/var/lib/pgsql/data) then you shouldn't need any custom selinux rules.
What is more likely is that the directory accidentally acquired the
wrong selinux label while you were fooling around. "restorecon" is the
easiest way to fix mistakes like that.

If you're trying to put the data directory in a nonstandard place then
you might need some custom rules. This is beyond my personal experience
with selinux, but I seem to recall being told that as long as everything
in the data directory is labeled "postgresql_db_t" then it will work
no matter where it is. What you would want the custom rule for is to
make sure that "restorecon" doesn't relabel the data directory to
something else if someone blindly runs it over the whole filesystem.

regards, tom lane

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Chris Barnes 2009-09-14 17:20:23 Re: Locks in postgres causing system load and crash.
Previous Message Sam Mason 2009-09-14 16:37:09 Re: postgresql.key secure storage