Aleksey Tsalolikhin <atsaloli.tech@xxxxxxxxx> writes: > On Tue, Mar 31, 2009 at 6:35 PM, David Wilson <david.t.wilson@xxxxxxxxx> wrote: >> Have you tested "ssh node2" as the postgres user with SELinux enabled? > Yes, I have, it works fine. With SELinux enabled. That's why I've > been tearing my hair out. Ah, well, you need to understand one of the first points about SELinux: the standard policy is designed to constrain daemon processes, not interactive processes. So you can run some command when logged in as postgres, and whether that works has nothing whatever to do with whether SELinux will let the postgres daemon do it. > I am running Fedora Core 6 on node 1. (Upgrade to CentOS 5.2 is in > the works.) Yes, I'd suggest getting off FC6 soon. In my experience the SELinux policy didn't start to "just work" until around FC8. In particular I recall that FC6 had a bad habit of trying to rate-limit AVC messages to the point where you could not figure out whether (much less why) it was denying any particular thing you tried. My advice is don't even bother trying to debug this on FC6. Get onto a newer platform with a less buggy SELinux implementation, or just turn off SELinux. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
