Dr. Michael J. Chudobiak wrote:
Hi,
I've just installed selinux on my FC3 server using the targeted policy, and everything went well except that I can no longer run /usr/bin/pg_dumpall as a root cron job for backing up postgresql databases. I get this sort of log message, even if I run pg_dump/pg_dumpall as the postgres user:
Dec 30 10:17:01 server2 kernel: audit(1104419821.285:0): avc: denied { execute_no_trans } for pid=24740 exe=/bin/bash path=/usr/bin/pg_dump dev=md0 ino=346137 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:postgresql_exec_t tclass=file
For now, I've disabled the postgres protection using system-config-security-level, and it works fine - but postgresql is unprotected of course.
Is there a way of running pg_dump and pg_dumpall under selinux, without abandoning or rewriting the targeted policy?
- Mike
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
Grab selinux-policy-targeted-1.17.30-2.62 off of ftp://people.redhat.com/dwalsh/SELinux/FC3
