Обсуждение: [SELinux] How to configure it in RHEL 7?
Hi,
I've installed PG9.5 on a virtual machine with Red Hat Enterprise 7. After having initialized the PGDATA folder (stadard path), when I start the service with systemctl SELinux denies the execution of the script for checking the DB data folder.--
Christian Castelli
skype: christrack
skype: christrack
My SELinux atributes are the same (all on), but systemctl still fails at starting PG. Would you share your permissions and SELinux context attributes on bin folder and it's files?
Mine are: root root system_u:object_r:postgresql_exec_t:s0 for PG bin folder and all its files.2016-06-14 11:24 GMT+02:00 Michael H <michael@wemoto.com>:
On 14/06/16 10:11, Christian Castelli wrote:
> Hi,
> I've installed PG9.5 on a virtual machine with Red Hat Enterprise 7.
> After having initialized the PGDATA folder (stadard path), when I start
> the service with systemctl SELinux denies the execution of the script
> for checking the DB data folder.
> It's all summarized on StackExchange
> <http://unix.stackexchange.com/questions/289425/failed-to-start-postgresql-9-5-with-systemctl-selinux>.
> I'm sure it's a SELinux problem because putting PG in permissive mode
> solves the issue.
> Any ideas?
> thanks in advance.
>
> --
> /Christian Castelli
> skype: christrack/
Hi Christian,
We host our database on CentOS 7, these are the only three sebool that
are set to on mentioning postgresql
postgresql_selinux_unconfined_dbadm --> on
postgresql_selinux_users_ddl --> on
selinuxuser_postgresql_connect_enabled --> on
I don't recall having to change anything during the initial install to
get it working though.
run
getsebool -a | grep postgresql
to compare.
Michael
--
Christian Castelli
skype: christrack
skype: christrack
2016-06-14 12:27 GMT+02:00 Michael H <michael@wemoto.com>:
ll -Z postgresql-check-db-dir
root root system_u:object_r:bin_t:s0 postgresql-check-db-dir
Bingo, you have bin_t context, mine was postgresql_exec_t. Now it's working, thanks.
--
Christian Castelli
skype: christrack
skype: christrack