Hello Dan,

Your site has helped me understand more about SELINUX than I ever did before, and I appreciate your generosity.

I've been using Fedora since Core 3 for servers, running Postgresql databases for a tcp application. Core 3 was pretty solid, and Core 4 was okay; however, Core 5 has been an uphill climb.

I installed Core 5 on a new machine with Postgresql, sendmail, PHP - straight from the Fedora Core 5 DVD. The install goes well. I take my dumped postgresql database from the Core 4 machine, import into the new database of the Core 5 (according to the instructions from the Fedora site), reboot, and Postgresql fails to launch on boot up. Yesterday, I followed your links about using audit2allow and semodule in an effort to fix it, but the problem would not go away.

Thinking I'd erred somehow, I started with a fresh install early this morning, restored the database, rebooted, and the same messages appear in /var/log/messages:
Apr 6 07:56:21 vsi kernel: audit(1144324578.867:2): avc: denied { append } for pid=1816 comm="hostname" name="pgstartup.log" dev=dm-0 ino=14534786 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:postgresql_log_t:s0 tclass=file
Apr 6 07:56:21 vsi kernel: audit(1144324579.263:3): avc: denied { search } for pid=1830 comm="postmaster" name="pgsql" dev=dm-0 ino=5466913 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir

In my pgstartup log:
postmaster cannot access the server configuration file "/data/pgsql/postgresql.conf": Permission denied

I don't get it, because the permissions are correct. Is this a bug with the new SELINUX?

Postgres policy expects its data to be in /var/lib/pgsql/data

Which would be labeled system_u:object_r:postgresql_db_t:s0

You could either mount your /data at this point or do a

chcon -R -t postgresql_db_t /data

Then to make this permanent, i.e. survive a relabel, you need to change the local file context.

semanage fcontext -a -t postgresql_db_t "/data(/.*)?"
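
An added example, not part of the original post or reply: a shell function that extracts the source type, target type and class from AVC denial lines like the two quoted above, and flags denials whose target carries a generic type such as default_t, which is where relabeling as described in the reply applies rather than a new allow rule. The function name avc_triage, the hint strings and the inclusion of unlabeled_t are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original thread. avc_triage and the hint
# strings are hypothetical names chosen for this sketch.

# The two denial lines quoted in the post above.
SAMPLE_LOG='Apr 6 07:56:21 vsi kernel: audit(1144324578.867:2): avc: denied { append } for pid=1816 comm="hostname" name="pgstartup.log" dev=dm-0 ino=14534786 scontext=system_u:system_r:hostname_t:s0 tcontext=system_u:object_r:postgresql_log_t:s0 tclass=file
Apr 6 07:56:21 vsi kernel: audit(1144324579.263:3): avc: denied { search } for pid=1830 comm="postmaster" name="pgsql" dev=dm-0 ino=5466913 scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=dir'

# Reads syslog lines on stdin and prints one record per AVC denial:
#   comm|perms|name|source_type|target_type|tclass|hint
avc_triage() {
    awk '
    /avc: +denied/ {
        perms = ""; comm = ""; name = ""; stype = ""; ttype = ""; tclass = ""
        # Permissions sit between the braces, e.g. { append } or { read write }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name") name = val
            else if (key == "tclass") tclass = val
            else if (key == "scontext" || key == "tcontext") {
                # A context is user:role:type[:level]; the third part is the type
                split(val, c, ":")
                if (key == "scontext") stype = c[3]; else ttype = c[3]
            }
        }
        # A generic target type means no file-context rule matched the path:
        # fix the label (chcon / semanage fcontext) instead of adding allow rules.
        hint = (ttype == "default_t" || ttype == "unlabeled_t") ? "relabel-target" : "review-policy"
        printf "%s|%s|%s|%s|%s|%s|%s\n", comm, perms, name, stype, ttype, tclass, hint
    }'
}

# Stand-alone run over the sample lines.
printf '%s\n' "$SAMPLE_LOG" | avc_triage
```

On the sample, the postmaster denial against default_t is marked relabel-target, while the hostname denial against postgresql_log_t is marked review-policy because its target already has a specific type.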
