Обсуждение: [SELinux] How to configure it in RHEL 7?

Поиск
Список
Период
Сортировка

[SELinux] How to configure it in RHEL 7?

От
Christian Castelli
Дата:
Hi,
I've installed PG9.5 on a virtual machine with Red Hat Enterprise 7. After having initialized the PGDATA folder (stadard path), when I start the service with systemctl SELinux denies the execution of the script for checking the DB data folder.
It's all summarized on StackExchange. I'm sure it's a SELinux problem because putting PG in permissive mode solves the issue.
Any ideas?
thanks in advance.

--
Christian Castelli
skype:  christrack

Re: [SELinux] How to configure it in RHEL 7?

От
Christian Castelli
Дата:
My SELinux atributes are the same (all on), but systemctl still fails at starting PG. Would you share your permissions and SELinux context attributes on bin folder and it's files?
Mine are: root root system_u:object_r:postgresql_exec_t:s0 for PG bin folder and all its files.

2016-06-14 11:24 GMT+02:00 Michael H <michael@wemoto.com>:
On 14/06/16 10:11, Christian Castelli wrote:
> Hi,
> I've installed PG9.5 on a virtual machine with Red Hat Enterprise 7.
> After having initialized the PGDATA folder (stadard path), when I start
> the service with systemctl SELinux denies the execution of the script
> for checking the DB data folder.
> It's all summarized on StackExchange
> <http://unix.stackexchange.com/questions/289425/failed-to-start-postgresql-9-5-with-systemctl-selinux>.
> I'm sure it's a SELinux problem because putting PG in permissive mode
> solves the issue.
> Any ideas?
> thanks in advance.
>
> --
> /Christian Castelli
> skype:  christrack/

Hi Christian,

We host our database on CentOS 7, these are the only three sebool that
are set to on mentioning postgresql

postgresql_selinux_unconfined_dbadm --> on
postgresql_selinux_users_ddl --> on
selinuxuser_postgresql_connect_enabled --> on

I don't recall having to change anything during the initial install to
get it working though.

run

getsebool -a | grep postgresql

to compare.

Michael



--
Christian Castelli
skype:  christrack

Re: [SELinux] How to configure it in RHEL 7?

От
Christian Castelli
Дата:

2016-06-14 12:27 GMT+02:00 Michael H <michael@wemoto.com>:
ll -Z postgresql-check-db-dir
root root system_u:object_r:bin_t:s0       postgresql-check-db-dir

Bingo, you have bin_t context, mine was postgresql_exec_t. Now it's working, thanks.

--
Christian Castelli
skype:  christrack