| From: | Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Checkpoint request failed, permission denied |
| Date: | 2009-09-14 16:23:08 |
| Message-ID: | C6D3CA0C.CA05%cory.isaacson@compuflex.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom,
I think you may be right. There were some audit access denied messages. I
had SELinux in permissive mode, but its tricky to work with.
I generated a new SELinux rule using audit2allow, here is what it looks like
now. Do you think this is adequate?
Thanks,
Cory
[root(at)ittdev1 data]# ls -Z pg_xlog
-rw------- postgres postgres root:object_r:postgresql_db_t
000000010000000000000000
drwx------ postgres postgres root:object_r:postgresql_db_t
archive_status
> From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
> Date: Mon, 14 Sep 2009 12:09:48 -0400
> To: Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com>
> Cc: <pgsql-general(at)postgresql(dot)org>
> Subject: Re: [GENERAL] Checkpoint request failed, permission denied
>
> Cory Isaacson <cory(dot)isaacson(at)compuflex(dot)com> writes:
>> Here are the permissions on pg_xlog:
>> drwx------ 3 postgres postgres 4096 Sep 13 22:19 pg_xlog
>
> Well, that certainly looks right. I'm back to suspecting selinux ...
> have you tried "ls -Z"? I'm not totally sure about RHEL5, but in
> recent Fedora it should look like
>
> drwx------. postgres postgres unconfined_u:object_r:postgresql_db_t:s0 pg_xlog
>
> the "postgresql_db_t" bit being the actually critical part.
>
> regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sam Mason | 2009-09-14 16:37:09 | Re: postgresql.key secure storage |
| Previous Message | Tom Lane | 2009-09-14 16:17:55 | Re: postgresql.key secure storage |