Yuichi Nakamura wrote:
On Wed, 16 Jun 2004 00:31:58 -0400
Richard Hally <rhallyx(a)mindspring.com> wrote:
>With the above change to the postgresql.fc I get the following avc
>denied messages when booting:
You must add
/usr/bin/postgres -- system_u:object_r:postgresql_exec_t
to postgresql.fc
and , comment out
session optional /lib/security/$ISA/pam_selinux.so multiple
from /etc/pam.d/su.
Thanks for the reply, it looks to me that the problem is more like the
policy and file_contexts were written for the way Debian(or some other
distro) installs PostgresSQL and Fedora installs things differently. The
most notable is that in the .fc it has the only postgresql_exec_t with a
regex for /usr/lib(64)?/postgresql/bin/.* and on Fedora the executables
are in /usr/bin.
The question I have is: how do we handle these case where different
distros put the same files in different places? Do we continue to add to
the policy for each different distro?
Richard Hally