| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | byrnejb(at)harte-lyne(dot)ca |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PG84 and SELinux |
| Date: | 2010-12-01 21:54:21 |
| Message-ID: | 22175.1291240461@sss.pgh.pa.us |
| Lists: | pgsql-general |

"James B. Byrne" <byrnejb(at)harte-lyne(dot)ca> writes:
> Earlier today I attempted to upgrade a production server from 8.1 to
> 8.4 using the pgdg-84-centos.repo. I say attempted because I could
> never get it to support ssl connections and as that is a requirement
> I had to roll back to 8.1.

Can't comment on that without a lot more detail.

> Whatever was the cause of the ssl problem I also encountered a
> surprising number of SELinux violations. The following details the
> SELinux settings that I ultimately had to apply as a local module.
> This took a considerable period of time as each had to be triggered
> in turn in order that the error be identified.

> #============= postgresql_t ==============
> allow postgresql_t var_lib_t:dir rmdir;
> allow postgresql_t var_lib_t:file { write getattr link read unlink
> append };

> Is this to be expected?

AFAIK, the Red Hat RPMs work out-of-the-box with SELinux; I'm a bit
surprised to hear that the PGDG ones don't, because last I heard
they use the same file layout. What the above sounds like to me is that
the data directory tree wasn't correctly labeled as postgresql_db_t.
Maybe a restorecon would have helped?

regards, tom lane
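
An added example, not part of the original message or of the PostgreSQL or PGDG packaging: the quoted rules name `var_lib_t` as the target type, which is how denials look when the data directory tree carries a generic parent label instead of `postgresql_db_t`. The script groups AVC denials by source type, target type and class, then lists the `postgresql_t` denials that hit a generic type, the case the reply suggests checking with restorecon before writing a local module. The log lines and the `GENERIC_TYPES` list are constructed assumptions.

```sh
# Constructed sample AVC denials (not from the thread). On a real host these
# records are read from the audit log.
SAMPLE_AVC='type=AVC msg=audit(1291230001.101:501): avc:  denied  { write } for  pid=4021 comm="postmaster" name="postmaster.pid" dev=dm-0 ino=131 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1291230002.202:502): avc:  denied  { read getattr } for  pid=4021 comm="postmaster" name="PG_VERSION" dev=dm-0 ino=132 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1291230003.303:503): avc:  denied  { rmdir } for  pid=4021 comm="postmaster" name="pgsql_tmp" dev=dm-0 ino=140 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir
type=AVC msg=audit(1291230004.404:504): avc:  denied  { name_connect } for  pid=4300 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket'

# Assumption: generic types that usually mean "never labeled for this service".
GENERIC_TYPES="var_lib_t default_t file_t unlabeled_t"

# summarize_avc: read AVC records on stdin and print one line per
# (source type, target type, class) with the union of denied permissions.
summarize_avc() {
  awk '
    /avc:[ ]+denied/ {
      s = ""; t = ""; c = ""; inperm = 0; n = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") { inperm = 1; continue }
        if ($i == "}") { inperm = 0; continue }
        if (inperm) { perm[++n] = $i; continue }
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      key = s " " t ":" c
      for (j = 1; j <= n; j++)
        if (!((key, perm[j]) in seen)) {
          seen[key, perm[j]] = 1
          perms[key] = perms[key] " " perm[j]
        }
    }
    END { for (k in perms) print k perms[k] }' | LC_ALL=C sort
}

# relabel_candidates: keep only postgresql_t denials whose target type is
# generic, i.e. the object probably lacks its postgresql_db_t label.
relabel_candidates() {
  summarize_avc | awk -v generic="$GENERIC_TYPES" '
    BEGIN { n = split(generic, g, " "); for (i = 1; i <= n; i++) isgen[g[i]] = 1 }
    $1 == "postgresql_t" { split($2, a, ":"); if (a[1] in isgen) print }'
}

printf '%s\n' "$SAMPLE_AVC" | relabel_candidates
```

Any line this prints is a reason to compare the data directory's label against `postgresql_db_t` and try restorecon on it before loading `allow` rules for `var_lib_t`.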