avc denied from postgresql
Richard Hally
rhallyx at mindspring.com
Wed Jun 16 04:31:58 UTC 2004
Russell Coker wrote:
>On Tue, 15 Jun 2004 19:20, Richard Hally <rhallyx at mindspring.com> wrote:
>
>
>>During bootup the postgresql server fails to start and produces the
>>following avc denied message:
>>
>>Jun 15 05:09:12 new2 su(pam_unix)[2414]: session opened for user
>>postgres by (uid=0)
>>Jun 15 05:09:13 new2 kernel: audit(1087290553.569:0): avc: denied {
>>write } for pid=2445 exe=/usr/bin/postgres name=data dev=hda2
>>ino=788097 scontext=user_u:user_r:user_t
>>tcontext=system_u:object_r:var_lib_t tclass=dir
>>
>>
>
>Have you added the following line to postgresql.fc?
>/var/lib/pgsql(/.*)? system_u:object_r:postgresql_db_t
>
>
>
>
With the above change to the postgresql.fc I get the following avc
denied messages when booting:
Jun 16 00:19:15 new2 su(pam_unix)[2452]: session opened for user
postgres by (uid=0)
Jun 16 00:19:15 new2 kernel: audit(1087359555.469:0): avc: denied {
search } for pid=2453 exe=/bin/su name=pgsql dev=hda2 ino=722952
scontext=system_u:system_r:initrc_su_t
tcontext=system_u:object_r:postgresql_db_t tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.496:0): avc: denied {
search } for pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.521:0): avc: denied {
search } for pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t
tclass=dir
Jun 16 00:19:15 new2 last message repeated 3 times
Jun 16 00:19:15 new2 kernel: audit(1087359555.604:0): avc: denied {
search } for pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.674:0): avc: denied {
search } for pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.710:0): avc: denied {
search } for pid=2473 exe=/bin/bash name=pgsql dev=hda2 ino=722952
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.714:0): avc: denied {
search } for pid=2484 exe=/bin/sed name=pgsql dev=hda2 ino=722952
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t
tclass=dir
Jun 16 00:19:15 new2 su(pam_unix)[2452]: session closed for user postgres
Jun 16 00:19:15 new2 kernel: audit(1087359555.993:0): avc: denied {
search } for pid=2482 exe=/usr/bin/postgres name=pgsql dev=hda2
ino=722952 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:postgresql_db_t tclass=dir
Jun 16 00:19:16 new2 postgresql: Starting postgresql service: failed
HTH
Richard Hally
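
A triage helper for logs like the ones in this message, added here as an example and not part of the original post: it rejoins the hard-wrapped syslog records and counts denials per source type, target type, class, permission and executable. The function names are this example's own, and the embedded sample is a subset of the records above.

```python
import re
from collections import Counter

# Constructed sample: records copied from the message above, keeping the
# mail client's hard line wraps.
SAMPLE = """\
Jun 16 00:19:15 new2 kernel: audit(1087359555.469:0): avc: denied {
search } for pid=2453 exe=/bin/su name=pgsql dev=hda2 ino=722952
scontext=system_u:system_r:initrc_su_t
tcontext=system_u:object_r:postgresql_db_t tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.496:0): avc: denied {
search } for pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t
tclass=dir
Jun 16 00:19:15 new2 last message repeated 3 times
Jun 16 00:19:15 new2 kernel: audit(1087359555.993:0): avc: denied {
search } for pid=2482 exe=/usr/bin/postgres name=pgsql dev=hda2
ino=722952 scontext=user_u:user_r:user_t
tcontext=system_u:object_r:postgresql_db_t tclass=dir
"""

# Zero-width match at each line that begins with a syslog timestamp and host.
RECORD_START = re.compile(r"^(?=[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ )", re.M)
AVC = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
REPEAT = re.compile(r"last message repeated (\d+) times")

def unwrap(text):
    """Rejoin wrapped records; a syslog timestamp marks the start of a record."""
    return [" ".join(r.split()) for r in RECORD_START.split(text) if r.strip()]

def summarize(text):
    """Count denials per (source type, target type, class, permission, exe)."""
    counts, last = Counter(), []
    for rec in unwrap(text):
        rep, m = REPEAT.search(rec), AVC.search(rec)
        if rep:  # syslog collapsed identical records; credit the previous denial
            counts.update({key: int(rep.group(1)) for key in last})
        elif m:
            f = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
            stype, ttype = (f[k].split(":")[2] for k in ("scontext", "tcontext"))
            last = [(stype, ttype, f["tclass"], p, f["exe"]) for p in m.group(1).split()]
            counts.update(last)
        else:
            last = []  # an unrelated record breaks the repeat chain
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

On the sample it reports `user_t` as the source type for both `/bin/bash` and `/usr/bin/postgres`, and `initrc_su_t` for `/bin/su`, all denied `search` on a `postgresql_db_t` directory.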