Displaying 5 results from an estimated 5 matches for "postgresql_t".
2005 Mar 03
11
PostgreSQL & SELinux problem
...Unfortunately, when I
started it up and it tried to init the database, I got a bunch of
SELinux errors:
Mar 3 13:24:22 dirty kernel: audit(1109874262.006:0): avc: denied {
read } for pid=3138 exe=/usr/bin/postgres path=/tmp/sh-thd-1109856265
(deleted) dev=md2 ino=377572 scontext=root:system_r:postgresql_t
tcontext=root:object_r:tmp_t tclass=file
Mar 3 13:24:22 dirty kernel: audit(1109874262.195:0): avc: denied {
read } for pid=3139 exe=/usr/bin/postgres path=/tmp/sh-thd-1109873603
(deleted) dev=md2 ino=377572 scontext=root:system_r:postgresql_t
tcontext=root:object_r:tmp_t tclass=file
Mar 3 13:...
2010 Apr 06
1
SELinux restorecon does not work
...d but the
security context has still never changed. Do I need to create a local SELinux
module? I hope anyone could help me out of this. Thank you.
-------------------------------------------------------
# sealert -b
........................................
Summary:
SELinux is preventing postmaster (postgresql_t) "setattr" to ./db (etc_t).
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for ./db,
restorecon -v './db'
If this does not work, there is currently no automatic way to allow this
access. Instead,...
2010 Jul 23
1
postgresql copy to and selinux
...need to run a "copy table to '/home/user/dir/copy.txt';" but I get
permission denied. Filesystem dir modes are ok and I get no event
logged in audit.log, but if I setenforce 0, I can do the copy. This
explains auditd silence:
# sesearch --audit |egrep postgres.*home
dontaudit postgresql_t user_home_dir_t : dir { getattr search };
dontaudit postgresql_t home_root_t : dir { getattr search };
I changed the "dir" type to tmpfs_t and I could write with "\copy" but
not with "copy".
Anyway, what are the best practices to allow postgresql "copy to"...
2013 Mar 19
3
Puppet modifying directories by executing shell script as non-root user results in kernel-level insufficient privilege complaints
...on the puppet
agent has several lines printed similar to the following:
kernel: type=1400 audit(1363697390.681:566): avc: denied { read write }
for pid=14834 comm="postgres" path="/tmp/puppet20130319-14620-1wpyixh-0"
dev=dm-0 ino=1702615 scontext=unconfined_u:system_r:postgresql_t:s0
tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=file
Basically, the messages are complaining that user postgres, via the
execution of initdb PostgreSQL command, cannot write files to data, the
destined PGDATA directory, which has proper permissions as shown above by
the ls -ald data....
2012 Jan 05
6
SELinux and access across 'similar types'
http://wiki.centos.org/HowTos/SELinux
says:
"Access is only allowed between similar types, so Apache running as
httpd_t can read /var/www/html/index.html of type httpd_sys_content_t."
however the doc doesn't define what "similar types" means. I assumed it
just meant "beginning with the same prefix". However that can't be
right because on my system with