Another way of looking at the problem is that with the three allow rules below the server *will* start but it has a context of user_u:user_r:user_t. Let's get back to basics and look at the concepts rather than AVC messages.
When it is started without the pam_selinux line in pam.d/su, the context is system_u:system_r:postgresql_t.
>Dan Walsh said:
>You need to set up a server user that can transition to postgresql. A transition never happened.
>Dan
Here are the three allow rules:
allow initrc_su_t postgresql_db_t:dir { search };
allow user_t postgresql_db_t:dir { add_name getattr read remove_name search write };
allow user_t postgresql_db_t:file { create getattr read rename unlink write };
Thanks for the help,
Richard Hally