postgresql with httpd and dotclear

KH KH kwizart at gmail.com
Tue Feb 5 21:04:43 UTC 2008 

2008/2/5, KaiGai Kohei <kaigai at ak.jp.nec.com>:
> Nicolas Chauvet wrote:
> > Hello !
> >
> > I try to use apache and postgresql with the dotclear blog engine.
> > When I try to enter the database information from the admin config
> > wizard within the browser,  have a selinux denial :
> >
> > audit(1202182131.382:34): avc:  denied  { name_connect } for  pid=2604
> > comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0
> > tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
> >
> > [root at haderach ~]# ls -Z /home/www/
> > drwxr-xr-x  root root system_u:object_r:httpd_sys_content_t:s0 dotclear
> >
> > [root at haderach ~]# rpm -q sepostgresql
> > sepostgresql-8.2.6-1.158.fc8
> > selinux-policy-3.0.8-81.fc8
> > selinux-policy-targeted-3.0.8-81.fc8
> >
> > [root at haderach data]# semodule -l |grep postgre
> > sepostgresql    1.158
>
> Can the following command help you?
>
> # setsebool -P httpd_can_network_connect_db=1
>
I does: the error disappeared, but i have another:
from /var/log/sepostgresql.log
FATAL:  sepgsql_system_getpeercon(734): 'user_u:user_r:user_t' is not
a valid context

I have also noticed an error in the same log file:
LOG:  could not open directory "/usr/share/sepgsql/timezone": File or
directory doens't exist
Where i've made a ln -s timezoneset /usr/share/sepgsql/timezone.

About phpPgAdmin: now i can connect but i have this all the time:
--------------
ERROR:  SELinux: denied { set_param }
scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:sepgsql_db_t:s0 tclass=db_database
name=dotclear
STATEMENT:  set datestyle='ISO'
--------------
Seems related to the command used to set the passwd ?!
psql -d dotclear -c "alter user dotclear with password 'my_passwd'"
I have used that previously from a wiki, without noticing well what
means templates1:
psql -d template1 -c "alter user dotclear with password 'my_passwd'"
and the same error sometimes appears with template1 instead of dotclear

> > On the other hand, when i try to use phpPgAdmin, it works. But i need to
> > change: /var/lib/pgsql/data/pg_hba.conf from ident sameuser to
> > md5.(tryed the same for dotclear without sucess).
Was /var/lib/sepgsql/data/pg_hba.conf from the above

More information about the fedora-selinux-list mailing list