From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | byrnejb(at)harte-lyne(dot)ca |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: PG84 and SELinux |
Date: | 2010-12-01 21:54:21 |
Message-ID: | 22175.1291240461@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
"James B. Byrne" <byrnejb(at)harte-lyne(dot)ca> writes:
> Earlier today I attempted to upgrade a production server from 8.1 to
> 8.4 using the pgdg-84-centos.repo. I say attempted because I could
> never get it to support ssl connections and as that is a requirement
> I had to roll back to 8.1.
Can't comment on that without a lot more detail.
> Whatever was the cause of the ssl problem I also encountered a
> surprising number of SELinux violations. The following details the
> SELinux settings that I ultimately had to apply as a local module.
> This took a considerable period of time as each had to be triggered
> in turn in order that the error be identified.
> #============= postgresql_t ==============
> allow postgresql_t var_lib_t:dir rmdir;
> allow postgresql_t var_lib_t:file { write getattr link read unlink
> append };
> Is this to be expected?
AFAIK, the Red Hat RPMs work out-of-the-box with SELinux; I'm a bit
surprised to hear that the PGDG ones don't, because last I heard
they use the same file layout. What the above sounds like to me is that
the data directory tree wasn't correctly labeled as postgresql_db_t.
Maybe a restorecon would have helped?
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2010-12-01 22:01:28 | Re: PG_ERROR 42501 permissions error |
Previous Message | Rich Shepard | 2010-12-01 21:48:59 | Proper Permissions for /usr/local/pgsql/data |