search for: postgresql_t

...Unfortunately, when I started it up and it tried to init the database, I got a bunch of SELinux errors: Mar 3 13:24:22 dirty kernel: audit(1109874262.006:0): avc: denied { read } for pid=3138 exe=/usr/bin/postgres path=/tmp/sh-thd-1109856265 (deleted) dev=md2 ino=377572 scontext=root:system_r:postgresql_t tcontext=root:object_r:tmp_t tclass=file Mar 3 13:24:22 dirty kernel: audit(1109874262.195:0): avc: denied { read } for pid=3139 exe=/usr/bin/postgres path=/tmp/sh-thd-1109873603 (deleted) dev=md2 ino=377572 scontext=root:system_r:postgresql_t tcontext=root:object_r:tmp_t tclass=file Mar 3 13:...

...d but the security context has still never changed. Do I need to create local SELinux module? I hope anyone could help me out of this. Thank you. ------------------------------------------------------- # sealert -b ........................................ Summary: SELinux is preventing postmaster (postgresql_t) "setattr" to ./db (etc_t). Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./db, restorecon -v './db' If this does not work, there is currently no automatic way to allow this access. Instead,...

...need to run a "copy table to '/home/user/dir/copy.txt';" but I get permission denied. Filesystem dir modes are ok and I get no event logged in audit.log, but if I setenforce 0, I can do the copy. This explains auditd silence: # sesearch --audit |egrep postgres.*home dontaudit postgresql_t user_home_dir_t : dir { getattr search }; dontaudit postgresql_t home_root_t : dir { getattr search }; I changed the "dir" type to tmpfs_t and I could write with "\copy" but not with "copy". Anyway, what are the best practices to allow postgresql "copy to&quo...

...on the the puppet agent has several lines printed similar to the following: kernel: type=1400 audit(1363697390.681:566): avc: denied { read write } for pid=14834 comm="postgres" path="/tmp/puppet20130319-14620-1wpyixh-0" dev=dm-0 ino=1702615 scontext=unconf ined_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:initrc_tmp_t:s0 tclass=file Basically, the messages are complaining that user postgres, via the execution of initdb PostrgreSQL command, cannot write files to data, the destined PGDATA directory, which has proper permissions as shown above by the ls -ald data....

http://wiki.centos.org/HowTos/SELinux says: "Access is only allowed between similar types, so Apache running as httpd_t can read /var/www/html/index.html of type httpd_sys_content_t." however the doc doesn't define what "similar types" means. I assumed it just meant "beginning with the same prefix". However that can't be right because on my system with