Richard Hally wrote:
Yuichi Nakamura wrote:
On Wed, 16 Jun 2004 00:31:58 -0400
Richard Hally <rhallyx@xxxxxxxxxxxxxx> wrote:
With the above change to the postgresql.fc I get the following avc
denied messages when booting:
You must add
/usr/bin/postgres -- system_u:object_r:postgresql_exec_t
to postgresql.fc
and comment out
session optional /lib/security/$ISA/pam_selinux.so multiple
from /etc/pam.d/su.
Thanks for the reply, it looks to me that the problem is more like the
policy and file_contexts were written for the way Debian (or some other
distro) installs PostgreSQL and Fedora installs things differently.
The most notable is that in the .fc it has the only postgresql_exec_t
with a regex for /usr/lib(64)?/postgresql/bin/.* and on Fedora the
executables are in /usr/bin.
The question I have is: how do we handle these cases where different
distros put the same files in different places? Do we continue to add
to the policy for each different distro?
Richard Hally
Added the following. Please check since I know nothing about postgresql.
#
# Files from postgresql
#
/usr/bin/clusterdb -- system_u:object_r:postgresql_exec_t
/usr/bin/createdb -- system_u:object_r:postgresql_exec_t
/usr/bin/createlang -- system_u:object_r:postgresql_exec_t
/usr/bin/createuser -- system_u:object_r:postgresql_exec_t
/usr/bin/dropdb -- system_u:object_r:postgresql_exec_t
/usr/bin/droplang -- system_u:object_r:postgresql_exec_t
/usr/bin/dropuser -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_dump -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_dumpall -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_encoding -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_id -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_restore -- system_u:object_r:postgresql_exec_t
/usr/bin/psql -- system_u:object_r:postgresql_exec_t
/usr/bin/vacuumdb -- system_u:object_r:postgresql_exec_t
#
# Files from postgresql-server
#
/usr/bin/initdb -- system_u:object_r:postgresql_exec_t
/usr/bin/initlocation -- system_u:object_r:postgresql_exec_t
/usr/bin/ipcclean -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_controldata -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_ctl -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_resetxlog -- system_u:object_r:postgresql_exec_t
/usr/bin/postgres -- system_u:object_r:postgresql_exec_t
/usr/bin/postmaster -- system_u:object_r:postgresql_exec_t
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
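
The path mismatch discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from the policy sources: a simplified Python matcher for file_contexts entries that reports which paths a set of entries leaves uncovered. The function names and the precedence rule (a literal entry beats a regex entry, a later line wins among equals) are assumptions made for the illustration; the sample entries are taken from the messages above.

```python
import re

# Constructed sample: the regex entry quoted in the thread plus two of the
# /usr/bin entries proposed in the last message.
SAMPLE_FC = r"""
/usr/lib(64)?/postgresql/bin/.*  --  system_u:object_r:postgresql_exec_t
/usr/bin/postgres                --  system_u:object_r:postgresql_exec_t
/usr/bin/postmaster              --  system_u:object_r:postgresql_exec_t
"""

META = set(".^$?*+|[({\\")  # characters that make a spec a regex, not a literal path

def parse_fc(text):
    """Parse 'pathregex [filetype] context' lines; skip blanks and comments."""
    specs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) not in (2, 3):
            raise ValueError(f"malformed file_contexts line: {line!r}")
        ftype = fields[1] if len(fields) == 3 else None  # '--' = regular file
        specs.append((fields[0], ftype, fields[-1]))
    return specs

def lookup(specs, path, ftype="--"):
    """Return the context for path, or None if no entry in specs covers it.

    Simplification (assumption): patterns are anchored to the whole path,
    a literal entry beats a regex entry, and among equals the later line wins.
    """
    best = None
    for pattern, spec_type, context in specs:
        if spec_type not in (None, ftype):
            continue
        if re.fullmatch(pattern, path):
            literal = not (META & set(pattern))
            if best is None or literal >= best[0]:
                best = (literal, context)
    return best[1] if best else None

def unlabeled(specs, paths):
    """Paths that no entry in specs covers."""
    return [p for p in paths if lookup(specs, p) is None]
```

Feeding `unlabeled` the file list of an installed package shows which executables the current entries miss before the policy is loaded and the daemon is started.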