Re: Problems running postgresql

From: Richard E Miles (r.godzilla_at_comcast.net)
Date: 05/19/05

  • Next message: Jude DaShiell: "Xorg error 104 translation" 
    Date: Thu, 19 May 2005 14:17:57 -0700
To: Daniel J Walsh <dwalsh@redhat.com>

    On Thu, 19 May 2005 07:42:02 -0400
    Daniel J Walsh <dwalsh@redhat.com> wrote:

    > Richard E Miles wrote:
    >
    > >On Wed, 18 May 2005 09:44:28 -0400
    > >Daniel J Walsh <dwalsh@redhat.com> wrote:
    > >
    > >
    > >
    > >>Richard E Miles wrote:
    > >>
    > >>
    > >>
    > >>>I have been trying to start up the postgresql postmaster server to a database
    > >>>which have all failed. The following are a list of avc: denied messages from
    > >>>/var/log/messages:
    > >>>
    > >>>May 13 13:20:32 localhost kernel: audit(1116015632.155:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
    > >>>May 13 13:20:32 localhost last message repeated 7 times
    > >>>May 13 13:20:32 localhost kernel: audit(1116015632.156:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
    > >>>May 13 13:20:32 localhost last message repeated 3 times
    > >>>May 13 13:20:32 localhost kernel: audit(1116015632.157:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
    > >>>May 13 13:20:32 localhost last message repeated 32 times
    > >>>May 13 13:20:32 localhost kernel: audit(1116015632.158:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
    > >>>May 13 13:20:32 localhost last message repeated 34 times
    > >>>May 13 13:20:32 localhost kernel: audit(1116015632.159:0): avc: denied { write } for pid=16659 exe=/usr/bin/postgres name=pgdb dev=hda2 ino=6471728 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:usr_t tclass=dir
    > >>>
    > >>>Why am I getting write denials? I am running FC3 with targetted policy.
    > >>>
    > >>>
    > >>>
    > >>>
    > >>What file is pgdb?
    > >>
    > >>Dan
    > >>
    > >>
    > >
    > >pgdb is a directory containing the postgresql database. It is in /usr/local
    > >and has my file permissions. ie:
    > >
    > >[rmiles@localhost ~]$ ls -l /usr/local/pgdb
    > >total 76
    > >drwx------ 5 rmiles rmiles 4096 Dec 18 15:05 base
    > >drwx------ 2 rmiles rmiles 4096 Jan 13 18:13 global
    > >drwx------ 2 rmiles rmiles 4096 Dec 18 14:27 pg_clog
    > >-rw------- 1 rmiles rmiles 3396 Dec 18 14:27 pg_hba.conf
    > >-rw------- 1 rmiles rmiles 1441 Dec 18 14:27 pg_ident.conf
    > >-rw------- 1 rmiles rmiles 4 Dec 18 14:27 PG_VERSION
    > >drwx------ 2 rmiles rmiles 4096 Dec 18 14:27 pg_xlog
    > >-rw------- 1 rmiles rmiles 7821 Dec 18 14:27 postgresql.conf
    > >-rw------- 1 rmiles rmiles 43 Jan 13 17:18 postmaster.opts
    > >
    > >Prior to enabling targeted policy I could start the server using
    > >prostmaster -D /usr/local/pgdb. With the targeted policy enabled I get the
    > >denial messages.
    > >
    > >
    > >
    > chcon -R system_u:object_r:postgresql_db_t /usr/local/pgdb
    >
    > Should fix.
    >
    > You might want to add
    > /usr/local/pgdb(/.*)? system_u:object_r:postgresql_db_t
    >
    > to
    >
    > /etc/selinux/targeted/contexts/files/file_contexts.local
    >

    Thanks Dan. That fixed the problem. Will I have to make these changes when FC4
    is released? 

    -- 
Richard E Miles
Federal Way WA. USA
registered linux user 46097
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
  • Next message: Jude DaShiell: "Xorg error 104 translation"

    Relevant Pages

    • Re: E-mail
      ... Select the mail account you want to fix. ... check the server, and the username to make sure they are correct. ... choose Use Secure Connection SSL encryption ... Under Authentication type choose password. ...
      (Fedora)
    • Wolfpack 4.3.11 Server Release
      ... We are happy to announce that Empire 4.3.11 is now available. ... Rewrite the client's code to read server output during login. ... Fix xdump not to deny access to game state tables when maximum ... Fix bug in path command that made it swallow every other step. ...
      (rec.games.empire)
    • Re: Cannot create sites from portal after applying patch http://su
      ... I am hoping that the fix is to W2k3 and not SharePoint Portal Server 2003, ... 2007 level products as well as the Office 2003 level product FrontPage 2003. ... Any word on a fix or did you figure out how to fix. ...
      (microsoft.public.sharepoint.portalserver)
    • Re: Activated 2003SBS asking to be activated again?
      ... > even share with me what the cause or fix were. ... > obvious traces of what he did, and he couldn't divulge the details. ... >>> I'm not saying ignorance is bliss. ... >>> able to correct it without having to rebuild the entire server. ...
      (microsoft.public.windows.server.sbs)
    • Re: Immediate Logoff
      ... What I am saying is that there is no magic button that MSFT can push to fix the problem unless you can give them some information, ... Microsoft MVP - Terminal Server ... however think it is ironic how it happened from a patch. ... Do you know where I can report this to Microsoft for free? ...
      (microsoft.public.windows.terminal_services)