Postgres and SELinux
Mohd Irwan Jamaluddin
irwan at magnifix.com.my
Thu Jan 5 07:49:03 UTC 2006
On Thu, 2006-01-05 at 13:06 +0530, Dracula wrote:
> Using the default selinux configuration (and being in enforcing mode)
> running postgres results in the following error messages:
>
> Jan 4 16:19:04 app1 kernel: audit(1136387944.487:18): avc: denied { write } for pid=4922 comm="postmaster" name="[12868]" dev=pipefs ino=12868 scontext=root:system_r:postgresql_t tcontext=root:system_r:unconfined_t tclass=fifo_file
> Jan 4 16:19:04 app1 kernel: audit(1136387944.490:19): avc: denied { read } for pid=4922 comm="postmaster" name="PG_VERSION" dev=md0 ino=2850822 scontext=root:system_r:postgresql_t tcontext=user_u:object_r:var_lib_t tclass=file
> Jan 4 16:19:04 app1 kernel: audit(1136387944.490:20): avc: denied { getattr } for pid=4922 comm="postmaster" name="PG_VERSION" dev=md0 ino=2850822 scontext=root:system_r:postgresql_t tcontext=user_u:object_r:var_lib_t tclass=file
> Jan 4 16:19:04 app1 kernel: audit(1136387944.491:21): avc: denied { write } for pid=4922 comm="postmaster" name="pg_control" dev=md0 ino=2850829 scontext=root:system_r:postgresql_t tcontext=user_u:object_r:var_lib_t tclass=file
>
> Is there any way to make postgres work with selinux?
Run "system-config-securitylevel" -> go to SELinux -> Modify SELinux Policy -> SELinux Service Protection -> check the box for the PostgreSQL part.
Restart PostgreSQL service.
Done.
OR
Edit /etc/selinux/targeted/booleans & add an entry like this:
"postgresql_disable_trans=1"
Reboot your machine.
Restart PostgreSQL service.
Done.
--
Regards,
+--------------------------------+
| Mohd Irwan Jamaluddin |
| ## System Engineer, |
| (o_ Magnifix Sdn. Bhd. |
| //\ Tel: +603 42705073 |
| V_/_ Fax: +603 42701960 |
| http://www.magnifix.com/ |
+--------------------------------+
More information about the redhat-list
mailing list