pg_dump not usable with selinux enabled
Gérard Milmeister
gemi at bluewin.ch
Fri Nov 26 23:43:24 UTC 2004
pg_dump cannot be used with selinux enabled.
I get the following messages if trying to dump a database I own:
Nov 27 00:42:47 scriabin kernel: audit(1101512567.196:0): avc: denied
{ getattr } for pid=12210 exe=/usr/bin/pg_dump path=/etc/krb5.conf
dev=hda2 ino=770336 scontext=user_u:system_r:postgresql_t
tcontext=system_u:object_r:krb5_conf_t tclass=file
Nov 27 00:42:47 scriabin kernel: audit(1101512567.196:0): avc: denied
{ getattr } for pid=12210 exe=/usr/bin/pg_dump path=/etc/krb5.conf
dev=hda2 ino=770336 scontext=user_u:system_r:postgresql_t
tcontext=system_u:object_r:krb5_conf_t tclass=file
Nov 27 00:42:47 scriabin kernel: audit(1101512567.197:0): avc: denied
{ read } for pid=12210 exe=/usr/bin/pg_dump name=urandom dev=tmpfs
ino=1031 scontext=user_u:system_r:postgresql_t
tcontext=system_u:object_r:urandom_device_t tclass=chr_file
Nov 27 00:42:47 scriabin kernel: audit(1101512567.199:0): avc: denied
{ search } for pid=12210 exe=/usr/bin/pg_dump name=home dev=hda2
ino=4194307 scontext=user_u:system_r:postgresql_t
tcontext=system_u:object_r:home_root_t tclass=dir
Neither is it possible as users "root" or "postgres"
How should I do database dumps now?
Gemi
More information about the users
mailing list