avc denied from postgresql
Richard Hally
rhally at mindspring.com
Sat Jul 3 06:53:59 UTC 2004
Russell Coker wrote:
> Let's get back to basics and look at the concepts rather than AVC messages.
>
Another way of looking at the problem is that with the three allow rules
below the server *will* start but it has a context of user_u:user_r:user_t.
When it is started without the pam_selinux line in pam.d/su, the context
is system_u:system_r:postgresql_t.
>Dan Walsh said:
>You need to set up a server user that can transition to postgresql. A
>transition never happened.
>Dan
Here are the three allow rules:
allow initrc_su_t postgresql_db_t:dir { search };
allow user_t postgresql_db_t:dir { add_name getattr read remove_name search write };
allow user_t postgresql_db_t:file { create getattr read rename unlink write };
Thanks for the help,
Richard Hally
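
An added example, not part of the original message: a small Python check that parses the three allow rules quoted above and lists those that grant access to postgresql_db_t from a domain other than postgresql_t, then compares the two contexts the message reports. The function names are hypothetical, and the expected daemon domain postgresql_t is taken from the system_u:system_r:postgresql_t context in the message.

```python
import re

# The three rules from the message above; policy rules may wrap across lines.
RULES = """\
allow initrc_su_t postgresql_db_t:dir { search };
allow user_t postgresql_db_t:dir { add_name getattr read remove_name
search write };
allow user_t postgresql_db_t:file { create getattr read rename unlink
write };
"""

# allow <source> <target>:<class> { perm ... };  (or a single bare permission)
ALLOW_RE = re.compile(
    r"allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))\s*;", re.S)

def parse_allow_rules(text):
    """Return (source, target, class, perms) tuples from policy text."""
    rules = []
    for m in ALLOW_RE.finditer(text):
        src, tgt, cls, braced, single = m.groups()
        perms = frozenset((braced or single).split())
        rules.append((src, tgt, cls, perms))
    return rules

def context_type(context):
    """Type (domain) field of a user:role:type[:level] security context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError("not a security context: %r" % context)
    return fields[2]

def rules_bypassing_domain(rules, data_type, daemon_domain):
    """Rules that reach the daemon's data type from any other source domain."""
    return [r for r in rules if r[1] == data_type and r[0] != daemon_domain]

def transitioned(running_context, expected_context):
    """True if the process runs in the domain of the expected context."""
    return context_type(running_context) == context_type(expected_context)

if __name__ == "__main__":
    rules = parse_allow_rules(RULES)
    for src, tgt, cls, perms in rules_bypassing_domain(
            rules, "postgresql_db_t", "postgresql_t"):
        print("%s -> %s:%s { %s }" % (src, tgt, cls, " ".join(sorted(perms))))
    print("transitioned:", transitioned("user_u:user_r:user_t",
                                        "system_u:system_r:postgresql_t"))
```

All three rules are reported, because none of them has postgresql_t as its source: they widen initrc_su_t and user_t rather than letting the server reach its own domain.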