avc denied from postgresql

Richard Hally rhallyx at mindspring.com
Wed Jun 16 04:31:58 UTC 2004


Russell Coker wrote:

>On Tue, 15 Jun 2004 19:20, Richard Hally <rhallyx at mindspring.com> wrote:
>
>>During bootup the postgresql server fails to start and produces the
>>following avc denied message:
>>
>>Jun 15 05:09:12 new2 su(pam_unix)[2414]: session opened for user
>>postgres by (uid=0)
>>Jun 15 05:09:13 new2 kernel: audit(1087290553.569:0): avc:  denied  {
>>write } for  pid=2445 exe=/usr/bin/postgres name=data dev=hda2
>>ino=788097 scontext=user_u:user_r:user_t
>>tcontext=system_u:object_r:var_lib_t tclass=dir
>
>Have you added the following line to postgresql.fc?
>/var/lib/pgsql(/.*)?           system_u:object_r:postgresql_db_t
>
With the above change to the postgresql.fc I get the following avc 
denied messages when booting:

Jun 16 00:19:15 new2 su(pam_unix)[2452]: session opened for user 
postgres by (uid=0)
Jun 16 00:19:15 new2 kernel: audit(1087359555.469:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/su name=pgsql dev=hda2 ino=722952 
scontext=system_u:system_r:initrc_su_t 
tcontext=system_u:object_r:postgresql_db_t tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.496:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.521:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 last message repeated 3 times
Jun 16 00:19:15 new2 kernel: audit(1087359555.604:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.674:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.710:0): avc:  denied  { 
search } for  pid=2473 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.714:0): avc:  denied  { 
search } for  pid=2484 exe=/bin/sed name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 su(pam_unix)[2452]: session closed for user postgres
Jun 16 00:19:15 new2 kernel: audit(1087359555.993:0): avc:  denied  { 
search } for  pid=2482 exe=/usr/bin/postgres name=pgsql dev=hda2 
ino=722952 scontext=user_u:user_r:user_t 
tcontext=system_u:object_r:postgresql_db_t tclass=dir
Jun 16 00:19:16 new2 postgresql: Starting postgresql service:  failed

HTH
Richard Hally



