Re: avc denied from postgresql

[Richard Hally <rhallyx@xxxxxxxxxxxxxx>]

Russell Coker wrote:

> On Tue, 15 Jun 2004 19:20, Richard Hally <rhallyx@xxxxxxxxxxxxxx> wrote:
>  
>
> > During bootup the postgresql server fails to start and produced the
> > following avc denied message:
> >
> > Jun 15 05:09:12 new2 su(pam_unix)[2414]: session opened for user
> > postgres by (uid=0)
> > Jun 15 05:09:13 new2 kernel: audit(1087290553.569:0): avc:  denied  {
> > write } for  pid=2445 exe=/usr/bin/postgres name=data dev=hda2
> > ino=788097 scontext=user_u:user_r:user_t
> > tcontext=system_u:object_r:var_lib_t tclass=dir
> >    
>
> Have you added the following line to postgresql.fc?
> /var/lib/pgsql(/.*)?           system_u:object_r:postgresql_db_t
>
>
>  
With the above change to the postgresql.fc I get the following avc 
denied messages when booting:

Jun 16 00:19:15 new2 su(pam_unix)[2452]: session opened for user 
postgres by (uid=0)
Jun 16 00:19:15 new2 kernel: audit(1087359555.469:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/su name=pgsql dev=hda2 ino=722952 
scontext=system_u:system_r:initrc_su_t 
tcontext=system_u:object_r:postgresql_db_t tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.496:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.521:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 last message repeated 3 times
Jun 16 00:19:15 new2 kernel: audit(1087359555.604:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.674:0): avc:  denied  { 
search } for  pid=2453 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.710:0): avc:  denied  { 
search } for  pid=2473 exe=/bin/bash name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 kernel: audit(1087359555.714:0): avc:  denied  { 
search } for  pid=2484 exe=/bin/sed name=pgsql dev=hda2 ino=722952 
scontext=user_u:user_r:user_t tcontext=system_u:object_r:postgresql_db_t 
tclass=dir
Jun 16 00:19:15 new2 su(pam_unix)[2452]: session closed for user postgres
Jun 16 00:19:15 new2 kernel: audit(1087359555.993:0): avc:  denied  { 
search } for  pid=2482 exe=/usr/bin/postgres name=pgsql dev=hda2 
ino=722952 scontext=user_u:user_r:user_t 
tcontext=system_u:object_r:postgresql_db_t tclass=dir
Jun 16 00:19:16 new2 postgresql: Starting postgresql service:  failed

HTH
Richard Hally