Dominick Grift wrote:
> On Fri, 2008-09-26 at 19:25 +0900, KaiGai Kohei wrote:
>
>> Was the sepostgresql related policy backported to F9 selinux-policy?
>
> Not sure about that. I know that i have selinux-policy installed plus
> sepostgresql for f9.
>
> sepostgresql-8.3.3-2.869.fc9.x86_64
> sepostgresql 2.869
> selinux-policy-3.3.1-94.fc9.noarch.rpm
>
> Thanks
Dan,
Could you add the following policy into F9 updates?
It is already merged into upstream policy, but I cannot find it
at selinux-policy-3.3.1-91.
--- at modules/system/libraries.te ---
optional_policy(`
postgresql_loadable_module(lib_t)
postgresql_loadable_module(textrel_shlib_t)
')
--------------------------------------
Lack of this policy prevents database initialization.
$ cat /var/lib/sepgsql/pgstartup.log
:
creating template1 database in /var/lib/sepgsql/data/base/1 ... ok
initializing pg_authid ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating conversions ... FATAL: SELinux: denied { install_module } scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=db_database name=/usr/lib/pgsql/ascii_and_mic.so
STATEMENT: CREATE OR REPLACE FUNCTION ascii_to_mic (INTEGER, INTEGER, CSTRING, INTERNAL, INTEGER) RETURNS VOID AS '$libdir/ascii_and_mic', 'ascii_to_mic' LANGUAGE C STRICT;
Thanks,
--
KaiGai Kohei <kaigai@xxxxxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
