I get this a LOT on my fedora postgres server:
kernel: audit(1148742297.318:91630): avc: denied { create } for pid=29176 comm="postmaster" scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=netlink_route_socket
It doesn't seem to harm anything, but it hardly seems like it should be there, either. Ideas?
I have exactly the same error messages a lot. I made my own module named postgresql_by_me, but it's exactly the same as yours. Have no idea why, either. I have not yet permitted this, because I don't understand. Postgresql works fine without this I guess.
type=AVC msg=audit(1148623281.334:13): avc: denied { create } for pid=1588 comm="postmaster" scontext=system_u:system_r:postgresql_by_me_t:s0 tcontext=system_u:system_r:postgresql_by_me_t:s0 tclass=netlink_route_socket
2006-05-27 08:06 -0700 Ben wrote:
> I get this a LOT on my fedora postgres server:
> kernel: audit(1148742297.318:91630): avc: denied { create } for pid=29176 comm="postmaster" scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=netlink_route_socket
> It doesn't seem to harm anything, but it hardly seems like it should be there, either. Ideas?
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Ben wrote:
> I get this a LOT on my fedora postgres server:
> kernel: audit(1148742297.318:91630): avc: denied { create } for pid=29176 comm="postmaster" scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=netlink_route_socket
There have been some changes to glibc that are causing these. So policy is being updated to allow. Basically anything that looks up information through nsswitch is going to need this priv. The domain wants to look at the routing table.
allow postgresql_t self:netlink_route_socket r_netlink_socket_perms;
Fixes the problem.
> It doesn't seem to harm anything, but it hardly seems like it should be there, either. Ideas?
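As an added illustration (not code from the thread or from the SELinux tools), the Python sketch below parses both denial formats quoted above and merges them into candidate allow rules for review, similar in spirit to what audit2allow produces; the function names are hypothetical. It emits only the permission that was actually denied (create), whereas the rule given in the reply uses the r_netlink_socket_perms macro.

```python
import re
from collections import defaultdict

# Matches both "kernel: audit(...)" and "type=AVC msg=audit(...)" records.
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")

def se_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    if len(parts) < 3:
        raise ValueError(f"malformed security context: {context!r}")
    return parts[2]

def parse_avc(line):
    """Return (source_type, target_type, tclass, perms), or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("fields")))
    try:
        src, tgt = se_type(fields["scontext"]), se_type(fields["tcontext"])
        tclass = fields["tclass"]
    except (KeyError, ValueError):
        return None  # truncated or malformed record: skip rather than guess
    return src, tgt, tclass, frozenset(m.group("perms").split())

def candidate_rules(lines):
    """Merge denials per (source, target, class) into allow rules for human review.

    A domain acting on an object of its own type is written as "self".
    """
    merged = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            src, tgt, tclass, perms = rec
            merged[(src, "self" if src == tgt else tgt, tclass)] |= perms
    rules = []
    for (src, tgt, tclass), perms in sorted(merged.items()):
        names = sorted(perms)
        body = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {body};")
    return rules

# The two denials quoted in the thread, plus one constructed non-AVC line.
SAMPLE = [
    'kernel: audit(1148742297.318:91630): avc: denied { create } for pid=29176 comm="postmaster" scontext=system_u:system_r:postgresql_t:s0 tcontext=system_u:system_r:postgresql_t:s0 tclass=netlink_route_socket',
    'type=AVC msg=audit(1148623281.334:13): avc: denied { create } for pid=1588 comm="postmaster" scontext=system_u:system_r:postgresql_by_me_t:s0 tcontext=system_u:system_r:postgresql_by_me_t:s0 tclass=netlink_route_socket',
    'kernel: constructed example line that is not an AVC record',
]
if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE)))
```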