Cory Isaacson <cory.isaacson@xxxxxxxxxxxxx> writes: > I think you may be right. There were some audit access denied messages. I > had SELinux in permissive mode, but its tricky to work with. > I generated a new SELinux rule using audit2allow, here is what it looks like > now. Do you think this is adequate? If you're keeping the PG data directory in the standard place (/var/lib/pgsql/data) then you shouldn't need any custom selinux rules. What is more likely is that the directory accidentally acquired the wrong selinux label while you were fooling around. "restorecon" is the easiest way to fix mistakes like that. If you're trying to put the data directory in a nonstandard place then you might need some custom rules. This is beyond my personal experience with selinux, but I seem to recall being told that as long as everything in the data directory is labeled "postgresql_db_t" then it will work no matter where it is. What you would want the custom rule for is to make sure that "restorecon" doesn't relabel the data directory to something else if someone blindly runs it over the whole filesystem. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
