From: | Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: Checkpoint request failed, permission denied |
Date: | 2009-09-14 16:23:08 |
Message-ID: | C6D3CA0C.CA05%cory.isaacson@compuflex.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Tom,
I think you may be right. There were some audit access denied messages. I
had SELinux in permissive mode, but its tricky to work with.
I generated a new SELinux rule using audit2allow, here is what it looks like
now. Do you think this is adequate?
Thanks,
Cory
[root(at)ittdev1 data]# ls -Z pg_xlog
-rw------- postgres postgres root:object_r:postgresql_db_t
000000010000000000000000
drwx------ postgres postgres root:object_r:postgresql_db_t
archive_status
> From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
> Date: Mon, 14 Sep 2009 12:09:48 -0400
> To: Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com>
> Cc: <pgsql-general(at)postgresql(dot)org>
> Subject: Re: [GENERAL] Checkpoint request failed, permission denied
>
> Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com> writes:
>> Here are the permissions on pg_xlog:
>> drwx------ 3 postgres postgres 4096 Sep 13 22:19 pg_xlog
>
> Well, that certainly looks right. I'm back to suspecting selinux ...
> have you tried "ls -Z"? I'm not totally sure about RHEL5, but in
> recent Fedora it should look like
>
> drwx------. postgres postgres unconfined_u:object_r:postgresql_db_t:s0 pg_xlog
>
> the "postgresql_db_t" bit being the actually critical part.
>
> regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Sam Mason | 2009-09-14 16:37:09 | Re: postgresql.key secure storage |
Previous Message | Tom Lane | 2009-09-14 16:17:55 | Re: postgresql.key secure storage |