| From: | Ugo Bellavance <ugob(at)lubik(dot)ca> |
|---|---|
| To: | pgsql-pkg-yum(at)lists(dot)postgresql(dot)org |
| Subject: | SELinux for PostgreSQL packages |
| Date: | 2021-12-31 01:23:06 |
| Message-ID: | CACSSk+X1mg9X99tY+RGQrhh3ne29W8QZ4DzX3w_iUcgLGEjfqw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-pkg-yum |
Hi,
I see that the SELinux contexts for the PostgreSQL service processes are
not the same as with the Red Hat packages.
PGDG:
[postgres(at)serverPGDG~]$ ps auxZ | grep postg
system_u:system_r:unconfined_service_t:s0 postgres 1262 0.0 0.5 709764
47656 ? Ss Dec06 0:44 /usr/pgsql-12/bin/postmaster -D
/var/lib/pgsql/12/data
system_u:system_r:unconfined_service_t:s0 postgres 1314 0.0 0.0 143540
4872 ? Ss Dec06 0:13 postgres: logger
system_u:system_r:unconfined_service_t:s0 postgres 1315 0.0 5.4 710356
430848 ? Ss Dec06 0:56 postgres: startup recovering
000000010000001B00000083
system_u:system_r:unconfined_service_t:s0 postgres 1347 0.0 5.3 709964
426368 ? Ss Dec06 0:50 postgres: checkpointer
system_u:system_r:unconfined_service_t:s0 postgres 1348 0.0 0.0 709764
6276 ? Ss Dec06 0:39 postgres: background writer
system_u:system_r:unconfined_service_t:s0 postgres 1349 0.0 0.0 145664
4888 ? Ss Dec06 0:40 postgres: stats collector
system_u:system_r:unconfined_service_t:s0 postgres 128322 0.1 0.1 734652
11556 ? Ss Dec09 38:58 postgres: walreceiver streaming 1B/834697B0
Red Hat:
[posgres(at)serverRH ~]$ ps auxZ | grep postg
system_u:system_r:postgresql_t:s0 postgres 1264 0.1 0.9 2430608 72256 ?
Ss Dec09 35:53 postmaster -D
/var/opt/rh/rh-postgresql12/lib/pgsql/data
system_u:system_r:postgresql_t:s0 postgres 1333 0.0 0.0 260072 6064 ?
Ss Dec09 16:59 postgres: logger
system_u:system_r:postgresql_t:s0 postgres 1534 0.0 6.2 2430920 498148 ?
Ss Dec09 0:58 postgres: checkpointer
system_u:system_r:postgresql_t:s0 postgres 1535 0.0 0.3 2430760 30688 ?
Ss Dec09 0:55 postgres: background writer
system_u:system_r:postgresql_t:s0 postgres 1536 0.0 0.2 2430608 17732 ?
Ss Dec09 1:40 postgres: walwriter
system_u:system_r:postgresql_t:s0 postgres 1537 0.1 0.0 2431876 2872 ?
Ss Dec09 31:34 postgres: autovacuum launcher
system_u:system_r:postgresql_t:s0 postgres 1538 0.0 0.0 255996 1232 ?
Ss Dec09 0:09 postgres: archiver last was
000000010000001B00000082.00000028.backup
system_u:system_r:postgresql_t:s0 postgres 1539 0.2 0.0 262536 6708 ?
Ss Dec09 68:40 postgres: stats collector
system_u:system_r:postgresql_t:s0 postgres 1540 0.0 0.0 2431180 1692 ?
Ss Dec09 0:02 postgres: logical replication launcher
system_u:system_r:postgresql_t:s0 postgres 8865 0.0 0.0 2433904 3884 ?
Ss Dec09 1:01 postgres: walsender replicuser1
atqrh8pgsqlr1.atqlan.agri-tracabilite.qc.ca(42284) streaming 1B/834697B0
I'm not a SELinux expert, but are PGDG binaries using the same SELinux
configuration as RH-provided binaries?
On the filesystem side, the contexts seem to be the same.
Thanks,
--
Ugo Bellavance (ugob(at)lubik(dot)ca)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nicolas Thauvin | 2022-01-05 09:48:26 | Re: other missing RPMs? (Re: pg_repack12) |
| Previous Message | David Steele | 2021-12-31 00:32:46 | Re: GPG signature verification error with pgdg-redhat-repo-42.0-17.noarch |