avc denied from postgresql

Richard Hally rhally at mindspring.com
Sat Jul 3 06:53:59 UTC 2004


Russell Coker wrote:
> Let's get back to basics and look at the concepts rather than AVC messages.
> 
Another way of looking at the problem is that with the three allow rules 
below the server *will* start but it has a context of user_u:user_r:user_t.
When it is started without the pam_selinux line in pam.d/su, the context 
is system_u:system_r:postgresql_t.

> Dan Walsh said:
>
> You need to set up a server user that can transition to postgresql. A
> transition never happened.
>
> Dan

Here are the three allow rules:

  allow initrc_su_t postgresql_db_t:dir { search };
  allow user_t postgresql_db_t:dir { add_name getattr read remove_name search write };
  allow user_t postgresql_db_t:file { create getattr read rename unlink write };

Thanks for the help,
Richard Hally
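
An added example, not part of the original message or of any SELinux policy source: a small Python check that parses allow rules like the three quoted above and reports which of them let a generic user domain modify objects of a protected type, which is the side effect of letting the server run in user_t instead of transitioning to postgresql_t. The names GENERIC_DOMAINS and MODIFY_PERMS and their contents are assumptions chosen for this illustration.

```python
import re

# Constructed input: the three allow rules quoted in the message above,
# including the line wrapping introduced by the e-mail.
RULES = """
allow initrc_su_t postgresql_db_t:dir { search };
allow user_t postgresql_db_t:dir { add_name getattr read remove_name
search write };
allow user_t postgresql_db_t:file { create getattr read rename unlink
write };
"""

# Assumptions for this example: which source domains count as "generic"
# and which permissions count as modifying the target object.
GENERIC_DOMAINS = {"user_t"}
MODIFY_PERMS = {"add_name", "remove_name", "write", "create",
                "rename", "unlink", "append", "setattr"}

# Matches: allow <source> <target>:<class> { perms } ;  or a single permission.
ALLOW_RE = re.compile(
    r"allow\s+(\S+)\s+(\S+?):(\S+)\s+(?:\{([^}]*)\}|(\S+?))\s*;")

def parse_allow_rules(text):
    """Return a list of dicts, one per simple allow rule found in text."""
    rules = []
    for m in ALLOW_RE.finditer(text):
        src, tgt, cls, braced, single = m.groups()
        perms = set((braced if braced is not None else single).split())
        rules.append({"source": src, "target": tgt,
                      "class": cls, "perms": perms})
    return rules

def flag_generic_writers(rules, target_type):
    """List (source, class, perms) where a generic domain can modify target_type."""
    findings = []
    for r in rules:
        risky = r["perms"] & MODIFY_PERMS
        if r["source"] in GENERIC_DOMAINS and r["target"] == target_type and risky:
            findings.append((r["source"], r["class"], sorted(risky)))
    return findings

if __name__ == "__main__":
    rules = parse_allow_rules(RULES)
    for src, cls, perms in flag_generic_writers(rules, "postgresql_db_t"):
        print(f"{src} may modify postgresql_db_t:{cls} via {', '.join(perms)}")
```

The parser handles only simple rules with a single source and target type, which is all the quoted rules use.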



