On Monday, January 13, 2025 6:17:20 AM Pacific Standard Time Trevor Hemsley via selinux wrote: > To allow database connections from a web serer you need to toggle an > selinux boolean like > > setsebool -P httpd_can_network_connect_db 1 That's exactly what I did. But that's for network connections to the database on 127.0.0.1, not unix socket connections, afaict. And there are more booleans that are quite specific to postgresql. Maybe I should try the "selinuxuser_postgresql_connect_enabled" boolean. [root@blanco ~]# getsebool -a|grep postgres postgresql_can_rsync --> off postgresql_selinux_transmit_client_label --> off postgresql_selinux_unconfined_dbadm --> on postgresql_selinux_users_ddl --> on selinuxuser_postgresql_connect_enabled --> off [root@blanco ~]# And a really old man page which I can't find installed on the system. https://mgrepl.fedorapeople.org/man_selinux/Fedora18/postgresql.html -- _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
