"James B. Byrne" <byrnejb@xxxxxxxxxxxxx> writes:
> Earlier today I attempted to upgrade a production server from 8.1 to
> 8.4 using the pgdg-84-centos.repo. I say attempted because I could
> never get it to support ssl connections and as that is a requirement
> I had to roll back to 8.1.
Can't comment on that without a lot more detail.
> Whatever was the cause of the ssl problem I also encountered a
> surprising number of SELinux violations. The following details the
> SELinux settings that I ultimately had to apply as a local module.
> This took a considerable period of time as each had to be triggered
> in turn in order that the error be identified.
> #============= postgresql_t ==============
> allow postgresql_t var_lib_t:dir rmdir;
> allow postgresql_t var_lib_t:file { write getattr link read unlink
> append };
> Is this to be expected?
AFAIK, the Red Hat RPMs work out-of-the-box with SELinux; I'm a bit
surprised to hear that the PGDG ones don't, because last I heard
they use the same file layout. What the above sounds like to me is that
the data directory tree wasn't correctly labeled as postgresql_db_t.
Maybe a restorecon would have helped?
regards, tom lane
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
