selinux warnings when initializing PostgreSQL

Daniel J Walsh dwalsh at redhat.com
Fri Apr 15 18:52:00 UTC 2005


Florin Andrei wrote:

>On Thu, 2005-04-14 at 22:54 -0700, Florin Andrei wrote:
>
>>Apr 14 22:47:52 demo kernel: audit(1113544072.328:0): avc:  denied
>>{ read } for  pid=3042 exe=/bin/cp name=config dev=hda2 ino=1212848
>>scontext=root:system_r:postgresql_t
>>tcontext=user_u:object_r:selinux_config_t tclass=file
>>Apr 14 22:47:52 demo kernel: audit(1113544072.334:0): avc:  denied
>>{ getattr } for  pid=3042 exe=/bin/cp path=/etc/selinux/config dev=hda2
>>ino=1212848 scontext=root:system_r:postgresql_t
>>tcontext=user_u:object_r:selinux_config_t tclass=file
>
>Hm, and now I'm getting something very similar when running a simple DB
>initialization script (create databases, create users, create tables,
>assign privileges) that before (with non-updated FC4t2) did not give any
>SELinux warnings.
>
>Apr 14 22:55:47 demo kernel: audit(1113544547.453:0): avc:  denied
>{ read } for  pid=3269 exe=/bin/cp name=config dev=hda2 ino=1212848
>scontext=root:system_r:postgresql_t
>tcontext=user_u:object_r:selinux_config_t tclass=file
>Apr 14 22:55:47 demo kernel: audit(1113544547.459:0): avc:  denied
>{ getattr } for  pid=3269 exe=/bin/cp path=/etc/selinux/config dev=hda2
>ino=1212848 scontext=root:system_r:postgresql_t
>tcontext=user_u:object_r:selinux_config_t tclass=file
>

These are errors you would only see in permissive mode.  Basically in
enforcing mode the attempt to read the directory is dontaudited.  So the
app never tries to read the files.

So we don't fix these problems.  Why are you running in permissive mode?

Dan
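
Permissive mode logs a denial and still allows the access, so each cp run quoted in this thread leaves a read record followed by a getattr record on the same inode. As an added example (not part of the original message), this Python sketch parses that kernel AVC format and collapses the records to one row per process and target; the function names are assumptions, and the sample input is the thread's own log lines with the e-mail wrapping undone.

```python
import re
from collections import defaultdict

# The four AVC records quoted in the thread, with e-mail line wrapping undone.
SAMPLE_LOG = """\
Apr 14 22:47:52 demo kernel: audit(1113544072.328:0): avc:  denied { read } for  pid=3042 exe=/bin/cp name=config dev=hda2 ino=1212848 scontext=root:system_r:postgresql_t tcontext=user_u:object_r:selinux_config_t tclass=file
Apr 14 22:47:52 demo kernel: audit(1113544072.334:0): avc:  denied { getattr } for  pid=3042 exe=/bin/cp path=/etc/selinux/config dev=hda2 ino=1212848 scontext=root:system_r:postgresql_t tcontext=user_u:object_r:selinux_config_t tclass=file
Apr 14 22:55:47 demo kernel: audit(1113544547.453:0): avc:  denied { read } for  pid=3269 exe=/bin/cp name=config dev=hda2 ino=1212848 scontext=root:system_r:postgresql_t tcontext=user_u:object_r:selinux_config_t tclass=file
Apr 14 22:55:47 demo kernel: audit(1113544547.459:0): avc:  denied { getattr } for  pid=3269 exe=/bin/cp path=/etc/selinux/config dev=hda2 ino=1212848 scontext=root:system_r:postgresql_t tcontext=user_u:object_r:selinux_config_t tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")


def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def parse_avc(line):
    """Parse one 'avc: denied' line into a dict, or None if it is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # key=value pairs; values containing spaces are not handled in this sketch
    rec = {k: v.strip('"') for k, v in
           (kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)}
    rec["perms"] = m.group("perms").split()
    rec["stype"] = selinux_type(rec.get("scontext", ""))
    rec["ttype"] = selinux_type(rec.get("tcontext", ""))
    return rec


def summarize(log_text):
    """One row per (pid, exe, source type, target type, class, inode)."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec.get("pid"), rec.get("exe"), rec["stype"], rec["ttype"],
               rec.get("tclass"), rec.get("ino"))
        groups[key].update(rec["perms"])
    return {key: sorted(perms) for key, perms in groups.items()}
```

Calling `summarize(SAMPLE_LOG)` yields two rows, one per cp process, each carrying both permissions for `postgresql_t` on `selinux_config_t`.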
