Re: Checkpoint request failed, permission denied

From: Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-general(at)postgresql(dot)org>
Subject: Re: Checkpoint request failed, permission denied
Date: 2009-09-14 16:23:08
Message-ID: C6D3CA0C.CA05%cory.isaacson@compuflex.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Tom,

I think you may be right. There were some audit access denied messages. I
had SELinux in permissive mode, but its tricky to work with.

I generated a new SELinux rule using audit2allow, here is what it looks like
now. Do you think this is adequate?

Thanks,

Cory

[root(at)ittdev1 data]# ls -Z pg_xlog
-rw------- postgres postgres root:object_r:postgresql_db_t
000000010000000000000000
drwx------ postgres postgres root:object_r:postgresql_db_t
archive_status

> From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
> Date: Mon, 14 Sep 2009 12:09:48 -0400
> To: Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com>
> Cc: <pgsql-general(at)postgresql(dot)org>
> Subject: Re: [GENERAL] Checkpoint request failed, permission denied
>
> Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com> writes:
>> Here are the permissions on pg_xlog:
>> drwx------ 3 postgres postgres 4096 Sep 13 22:19 pg_xlog
>
> Well, that certainly looks right. I'm back to suspecting selinux ...
> have you tried "ls -Z"? I'm not totally sure about RHEL5, but in
> recent Fedora it should look like
>
> drwx------. postgres postgres unconfined_u:object_r:postgresql_db_t:s0 pg_xlog
>
> the "postgresql_db_t" bit being the actually critical part.
>
> regards, tom lane

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Sam Mason 2009-09-14 16:37:09 Re: postgresql.key secure storage
Previous Message Tom Lane 2009-09-14 16:17:55 Re: postgresql.key secure storage