postgresql pg_dump won't run
Daniel J Walsh
dwalsh at redhat.com
Tue Jan 4 16:47:21 UTC 2005
Dr. Michael J. Chudobiak wrote:
> Daniel J Walsh wrote:
>
>>>
>>> Is there a way of running pg_dump and pg_dumpall under selinux,
>>> without abandoning or rewriting the targeted policy?
>>
>>
>> Grab selinux-policy-targeted-1.17.30-2.62 off of
>
>
> I still get errors. I can't run pg_dumpall as root or postgres:
>
> [root at server2 log]# rpm -qa selinux-policy-targeted
> selinux-policy-targeted-1.17.30-2.62
>
> [root at server2 log]# grep pg_dumpall messages
> Jan 4 09:50:13 server2 kernel: audit(1104850213.722:0): avc: denied
> { write } for pid=16053
> exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026
> scontext=user_u:system_r:postgresql_t
> tcontext=root:object_r:tmp_t tclass=sock_file
> Jan 4 09:50:17 server2 kernel: audit(1104850217.630:0): avc: denied
> { write } for pid=16057
> exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026
> scontext=user_u:system_r:postgresql_t
> tcontext=root:object_r:tmp_t tclass=sock_file
> Jan 4 09:50:29 server2 kernel: audit(1104850229.137:0): avc: denied
> { write } for pid=16133
> exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026
> scontext=root:system_r:postgresql_t
> tcontext=root:object_r:tmp_t tclass=sock_file
> Jan 4 09:50:37 server2 kernel: audit(1104850237.546:0): avc: denied
> { write } for pid=16166
> exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026
> scontext=user_u:system_r:postgresql_t
> tcontext=root:object_r:tmp_t tclass=sock_file
>
>
Looks like postgresql is running under the wrong context.
Do a ps -eZ | grep postgres
It should not be running unconfined_t.
> Any suggestions?
>
>
> - Mike
More information about the fedora-selinux-list
mailing list