Re: avc denied from postgresql

On Fri, 2004-07-02 at 19:39, Richard Hally wrote:
> Perhaps we need to look at pam_selinux again rather than trying to 
> change the init.d/postgresql script?
<snip>
> What is it about pam_selinux that is causing the problem?
> With your latest changes to postgresql.fc and a couple of allow rules,
> the server starts in the correct context when booting if the pam_selinux 
> line is commented out of pam.d/su. That would indicate to me that there 
> is something about pam_selinux that is the problem. The error message is:
> "Unable to get valid context for postgres, no valid tty"
> Perhaps the problem has to do with the 'no valid tty' part?

pam_selinux is merely asking for a reachable security context for the
new user identity from the current security context.  The problem is
that the SELinux policy has no user identities for these pseudo users,
and it isn't clear that we truly want to go down the path of adding them
(as has been done for some users in the policy/serviceusers files).

-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

