avc denied from postgresql
Russell Coker
russell at coker.com.au
Tue Jun 15 12:53:00 UTC 2004
On Tue, 15 Jun 2004 19:20, Richard Hally <rhallyx at mindspring.com> wrote:
> During bootup the postgresql server fails to start and produces the
> following avc denied message:
>
> Jun 15 05:09:12 new2 su(pam_unix)[2414]: session opened for user
> postgres by (uid=0)
> Jun 15 05:09:13 new2 kernel: audit(1087290553.569:0): avc: denied {
> write } for pid=2445 exe=/usr/bin/postgres name=data dev=hda2
> ino=788097 scontext=user_u:user_r:user_t
> tcontext=system_u:object_r:var_lib_t tclass=dir

Have you added the following line to postgresql.fc?

/var/lib/pgsql(/.*)? system_u:object_r:postgresql_db_t

As for the source domain being user_t, I'll have to do some tests on that,
it's not what's planned. It's probably an unexpected interaction between the
recent su changes and the use of su in postgres startup scripts.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
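
An added example, not part of the original message or of the SELinux policy tools: a Python sketch that parses the denial quoted above and checks the suggested postgresql.fc entry against the directory's path. The path /var/lib/pgsql/data is an assumption (the record only carries name=data), and the lookup is a simplified stand-in for the real file-context matching.

```python
import re

# The denial quoted in the message, with the mail client's line wraps undone.
AVC_LINE = (
    "Jun 15 05:09:13 new2 kernel: audit(1087290553.569:0): avc: denied { write } "
    "for pid=2445 exe=/usr/bin/postgres name=data dev=hda2 ino=788097 "
    "scontext=user_u:user_r:user_t tcontext=system_u:object_r:var_lib_t tclass=dir"
)
# The postgresql.fc entry suggested in the reply.
FC_LINES = ["/var/lib/pgsql(/.*)? system_u:object_r:postgresql_db_t"]
# Assumption: the record only carries name=data; the full path is not on the page.
ASSUMED_PATH = "/var/lib/pgsql/data"


def parse_avc(line):
    """Return the permissions and key=value fields of an 'avc: denied' record."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if m is None:
        return None
    rec = {"perms": m.group(1).split()}
    rec.update(re.findall(r"(\w+)=(\S+)", m.group(2)))
    return rec


def context_type(context):
    """Third field of a user:role:type security context."""
    return context.split(":")[2]


def fc_lookup(path, fc_lines):
    """Context of the last entry whose regex matches the whole path, else None.
    Simplified: the optional file-type column and entry sorting are ignored."""
    found = None
    for fields in (line.split() for line in fc_lines):
        if len(fields) >= 2 and not fields[0].startswith("#") \
                and re.fullmatch(fields[0], path):
            found = fields[-1]
    return found


def diagnose(avc_line, path, fc_lines):
    """Compare the label the denial reports with the label the fc entries assign."""
    rec = parse_avc(avc_line)
    if rec is None:
        return None
    wanted = fc_lookup(path, fc_lines)
    have = context_type(rec["tcontext"])
    want = context_type(wanted) if wanted else None
    return {"source_type": context_type(rec["scontext"]), "target_type": have,
            "expected_type": want, "needs_relabel": want is not None and want != have}
```

The result separates the two problems discussed in the reply: the target directory carries var_lib_t where the entry assigns postgresql_db_t, and the source type is reported as user_t.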
More information about the fedora-selinux-list mailing list