postgresql AVC errors
Daniel J Walsh
dwalsh at redhat.com
Thu Jun 8 19:06:39 UTC 2006
Ben wrote:
> I get this a LOT on my fedora postgres server:
>
> kernel: audit(1148742297.318:91630): avc: denied { create } for
> pid=29176 comm="postmaster" scontext=system_u:system_r:postgresql_t:s0
> tcontext=system_u:system_r:postgresql_t:s0 tclass=netlink_route_socket
>
There have been some changes to glibc that are causing these. So policy
is being updated to allow. Basically anything to looks up information
through nsswitch
is going to need this priv. The domain wants to look at the routing table.
allow postgresql_t self:netlink_route_socket r_netlink_socket_perms;
Fixes the problem.
>
> It doesn't seem to harm anything, but it hardly seems like it should
> be there, either. Ideas?
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
More information about the fedora-selinux-list
mailing list