Karsten Wade wrote:
On Tue, 2005-01-04 at 11:47 -0500, Daniel J Walsh wrote:
>Dr. Michael J. Chudobiak wrote:
>
>>[root@server2 log]# grep pg_dumpall messages
>>Jan 4 09:50:13 server2 kernel: audit(1104850213.722:0): avc: denied
>>{ write } for pid=16053
>>exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026
>>scontext=user_u:system_r:postgresql_t
>>tcontext=root:object_r:tmp_t tclass=sock_file
>>Jan 4 09:50:17 server2 kernel: audit(1104850217.630:0): avc: denied
>>{ write } for pid=16057
>>exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026
>>scontext=user_u:system_r:postgresql_t
>>tcontext=root:object_r:tmp_t tclass=sock_file
>>Jan 4 09:50:29 server2 kernel: audit(1104850229.137:0): avc: denied
>>{ write } for pid=16133
>>exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026
>>scontext=root:system_r:postgresql_t
>>tcontext=root:object_r:tmp_t tclass=sock_file
>>Jan 4 09:50:37 server2 kernel: audit(1104850237.546:0): avc: denied
>>{ write } for pid=16166
>>exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 ino=213026
>>scontext=user_u:system_r:postgresql_t
>>tcontext=root:object_r:tmp_t tclass=sock_file
>>
>Looks like postgresql is running under the wrong context.
>
>Do a ps -eZ | grep postgres
>
>It should not be running unconfined_t.
>
I don't see unconfined_t in those log messages, just lots of postgresql_t
as the source context. Can you tell me what you are seeing?
thx - Karsten
I see that the sock_file was created under tmp_t, which indicates a
transition did not happen. Postgresql should have created the sock file
under postgresql_tmp_t, so I surmised that the postgres daemon is running
under unconfined_t.
Dan
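
The check described in the reply above, as an added example that is not part of the original thread: it parses AVC denial records and reports objects still labelled plain `tmp_t` that a confined domain was denied access to, the sign that the creator's type transition did not happen. It assumes one record per line and the `foo_t` -> `foo_tmp_t` naming convention (the thread only confirms it for `postgresql_t`); the function names are hypothetical.

```python
import re
from collections import Counter

# Two denials from the thread, each rejoined onto one line (the mail wrapped them).
SAMPLE = (
    "Jan 4 09:50:13 server2 kernel: audit(1104850213.722:0): avc: denied "
    "{ write } for pid=16053 exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 "
    "ino=213026 scontext=user_u:system_r:postgresql_t "
    "tcontext=root:object_r:tmp_t tclass=sock_file\n"
    "Jan 4 09:50:29 server2 kernel: audit(1104850229.137:0): avc: denied "
    "{ write } for pid=16133 exe=/usr/bin/pg_dumpall name=.s.PGSQL.5432 dev=md0 "
    "ino=213026 scontext=root:system_r:postgresql_t "
    "tcontext=root:object_r:tmp_t tclass=sock_file\n"
)

AVC = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")

def parse_avc(line):
    """Return a dict for one AVC denial line, or None if the line is not one."""
    m = AVC.search(line)
    if not m:
        return None
    rec = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec["perms"] = m.group("perms").split()
    try:
        # A context is user:role:type[:level]; the type is always field 3.
        rec["stype"] = rec["scontext"].split(":")[2]
        rec["ttype"] = rec["tcontext"].split(":")[2]
    except (KeyError, IndexError):
        return None
    return rec

def untransitioned_tmp(records):
    """Count denials where a confined domain hits an object left as tmp_t."""
    hits = Counter()
    for r in records:
        if r["ttype"] == "tmp_t" and r["stype"] != "unconfined_t":
            # Assumption: the domain's private tmp type follows foo_t -> foo_tmp_t.
            expected = r["stype"][:-2] + "_tmp_t"
            hits[(r["stype"], r.get("name"), r.get("tclass"), expected)] += 1
    return hits

def load(text):
    return [r for r in map(parse_avc, text.splitlines()) if r]

if __name__ == "__main__":
    for (stype, name, tclass, expected), n in untransitioned_tmp(load(SAMPLE)).items():
        print(f"{n}x {stype} denied on {tclass} {name}: tmp_t, expected {expected}")
```
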