postgresql pg_dump won't run

Daniel J Walsh dwalsh at redhat.com
Wed Jan 5 14:11:38 UTC 2005


Karsten Wade wrote:

>On Tue, 2005-01-04 at 11:47 -0500, Daniel J Walsh wrote:
>
>>Dr. Michael J. Chudobiak wrote:
>>
>>>[root@server2 log]# grep pg_dumpall messages
>>>Jan  4 09:50:13 server2 kernel: audit(1104850213.722:0): avc:  denied  
>>>{ write } for  pid=16053
>>>exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026 
>>>scontext=user_u:system_r:postgresql_t
>>>tcontext=root:object_r:tmp_t tclass=sock_file
>>>Jan  4 09:50:17 server2 kernel: audit(1104850217.630:0): avc:  denied  
>>>{ write } for  pid=16057
>>>exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026 
>>>scontext=user_u:system_r:postgresql_t
>>>tcontext=root:object_r:tmp_t tclass=sock_file
>>>Jan  4 09:50:29 server2 kernel: audit(1104850229.137:0): avc:  denied  
>>>{ write } for  pid=16133
>>>exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026 
>>>scontext=root:system_r:postgresql_t
>>>tcontext=root:object_r:tmp_t tclass=sock_file
>>>Jan  4 09:50:37 server2 kernel: audit(1104850237.546:0): avc:  denied  
>>>{ write } for  pid=16166
>>>exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026 
>>>scontext=user_u:system_r:postgresql_t
>>>tcontext=root:object_r:tmp_t tclass=sock_file
>>>
>>Looks like postgresql is running under the wrong context. 
>>
>>Do a ps -eZ  | grep postgres
>>
>>It should not be running unconfined_t.
>>
>
>I don't see unconfined_t in those log messages, just lots of postgresql_t
>as the source context.  Can you tell me what you are seeing?
>
>thx - Karsten
>
I see that the sock_file was created under tmp_t which indicates a 
transition did not happen.  Postgresql should
have created the sock file under postgresql_tmp_t, so I surmised that 
the postgres daemon is running under unconfined_t.

Dan
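
The reasoning in this reply (a denial whose target is a socket labeled with the generic tmp_t rather than a daemon-specific type points at a creator that never transitioned) can be checked mechanically. The following is an added example, not part of the original post: it parses AVC denials, using two of the thread's log lines re-joined from the e-mail wrapping, and the GENERIC_TYPES set and function names are assumptions of this example.

```python
import re
from collections import Counter

# Two of the log lines from the thread, re-joined from the e-mail line wrapping.
SAMPLE = """\
Jan  4 09:50:13 server2 kernel: audit(1104850213.722:0): avc:  denied  { write } for  pid=16053 exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026 scontext=user_u:system_r:postgresql_t tcontext=root:object_r:tmp_t tclass=sock_file
Jan  4 09:50:29 server2 kernel: audit(1104850229.137:0): avc:  denied  { write } for  pid=16133 exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026 scontext=root:system_r:postgresql_t tcontext=root:object_r:tmp_t tclass=sock_file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

# Assumption of this example: generic labels that a confined daemon's own
# runtime files should not carry if its domain transition took place.
GENERIC_TYPES = {"tmp_t", "var_t", "file_t"}


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not an AVC."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    if "scontext" not in rec or "tcontext" not in rec:
        return None
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def mislabeled_targets(log_text):
    """Count denials whose target object carries a generic label."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["ttype"] in GENERIC_TYPES:
            key = (rec["stype"], rec["ttype"], rec.get("tclass"), rec.get("name"))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (stype, ttype, tclass, name), n in mislabeled_targets(SAMPLE).items():
        print(f"{n}x {stype} denied on {tclass} {name!r} labeled {ttype}: "
              "check the creator's domain with ps -eZ")
```
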




More information about the fedora-selinux-list mailing list