Discussion: SELinux for PostgreSQL packages
Hi,
I see that the SELinux contexts for the PostgreSQL service processes are not the same as with the Red Hat packages.
PGDG:
[postgres@serverPGDG~]$ ps auxZ | grep postg
system_u:system_r:unconfined_service_t:s0 postgres 1262 0.0 0.5 709764 47656 ? Ss Dec06 0:44 /usr/pgsql-12/bin/postmaster -D /var/lib/pgsql/12/data
system_u:system_r:unconfined_service_t:s0 postgres 1314 0.0 0.0 143540 4872 ? Ss Dec06 0:13 postgres: logger
system_u:system_r:unconfined_service_t:s0 postgres 1315 0.0 5.4 710356 430848 ? Ss Dec06 0:56 postgres: startup recovering 000000010000001B00000083
system_u:system_r:unconfined_service_t:s0 postgres 1347 0.0 5.3 709964 426368 ? Ss Dec06 0:50 postgres: checkpointer
system_u:system_r:unconfined_service_t:s0 postgres 1348 0.0 0.0 709764 6276 ? Ss Dec06 0:39 postgres: background writer
system_u:system_r:unconfined_service_t:s0 postgres 1349 0.0 0.0 145664 4888 ? Ss Dec06 0:40 postgres: stats collector
system_u:system_r:unconfined_service_t:s0 postgres 128322 0.1 0.1 734652 11556 ? Ss Dec09 38:58 postgres: walreceiver streaming 1B/834697B0
Red Hat:
[posgres@serverRH ~]$ ps auxZ | grep postg
system_u:system_r:postgresql_t:s0 postgres 1264 0.1 0.9 2430608 72256 ? Ss Dec09 35:53 postmaster -D /var/opt/rh/rh-postgresql12/lib/pgsql/data
system_u:system_r:postgresql_t:s0 postgres 1333 0.0 0.0 260072 6064 ? Ss Dec09 16:59 postgres: logger
system_u:system_r:postgresql_t:s0 postgres 1534 0.0 6.2 2430920 498148 ? Ss Dec09 0:58 postgres: checkpointer
system_u:system_r:postgresql_t:s0 postgres 1535 0.0 0.3 2430760 30688 ? Ss Dec09 0:55 postgres: background writer
system_u:system_r:postgresql_t:s0 postgres 1536 0.0 0.2 2430608 17732 ? Ss Dec09 1:40 postgres: walwriter
system_u:system_r:postgresql_t:s0 postgres 1537 0.1 0.0 2431876 2872 ? Ss Dec09 31:34 postgres: autovacuum launcher
system_u:system_r:postgresql_t:s0 postgres 1538 0.0 0.0 255996 1232 ? Ss Dec09 0:09 postgres: archiver last was 000000010000001B00000082.00000028.backup
system_u:system_r:postgresql_t:s0 postgres 1539 0.2 0.0 262536 6708 ? Ss Dec09 68:40 postgres: stats collector
system_u:system_r:postgresql_t:s0 postgres 1540 0.0 0.0 2431180 1692 ? Ss Dec09 0:02 postgres: logical replication launcher
system_u:system_r:postgresql_t:s0 postgres 8865 0.0 0.0 2433904 3884 ? Ss Dec09 1:01 postgres: walsender replicuser1 atqrh8pgsqlr1.atqlan.agri-tracabilite.qc.ca(42284) streaming 1B/834697B0
I'm not a SELinux expert, but are PGDG binaries using the same SELinux configuration as RH-provided binaries?
On the filesystem side, the contexts seem to be the same.
Thanks,
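Added example, not part of the original message: a shell check that reads `ps auxZ` output like the two listings above and reports the SELinux type of each PostgreSQL server process, so a postmaster running as `unconfined_service_t` instead of `postgresql_t` stands out. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the SELinux domain of PostgreSQL server processes
# from `ps auxZ` output. Function names are hypothetical.

# Constructed sample modelled on the two listings in the post, plus a
# header and a grep line that a plain `grep postg` would also match.
sample_ps() {
cat <<'EOF'
LABEL USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
system_u:system_r:unconfined_service_t:s0 postgres 1262 0.0 0.5 709764 47656 ? Ss Dec06 0:44 /usr/pgsql-12/bin/postmaster -D /var/lib/pgsql/12/data
system_u:system_r:unconfined_service_t:s0 postgres 1347 0.0 5.3 709964 426368 ? Ss Dec06 0:50 postgres: checkpointer
system_u:system_r:postgresql_t:s0 postgres 1264 0.1 0.9 2430608 72256 ? Ss Dec09 35:53 postmaster -D /var/opt/rh/rh-postgresql12/lib/pgsql/data
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 postgres 4242 0.0 0.0 112812 980 pts/0 S+ 10:15 0:00 grep --color=auto postg
EOF
}

# Columns of `ps auxZ`: $1 label, $3 pid, $12 first word of the command.
# Prints "<pid> <type> <verdict>" for the postmaster and its children only.
pg_domains() {
  awk '
    $12 ~ /(^|\/)(postmaster|postgres)$/ || $12 == "postgres:" {
      # Label is user:role:type:level; the level may itself contain ":"
      # (e.g. s0-s0:c0.c1023), so take field 3 rather than the last one.
      split($1, ctx, ":")
      t = ctx[3]
      if (t == "postgresql_t")       verdict = "confined"
      else if (t ~ /^unconfined_/)   verdict = "unconfined"
      else                           verdict = "other"
      print $3, t, verdict
    }'
}

# Number of PostgreSQL server processes running in an unconfined domain.
count_unconfined() {
  pg_domains | awk '$3 == "unconfined" { n++ } END { print n + 0 }'
}

# Demo on the constructed sample.
sample_ps | pg_domains
```

On a live host, pipe the real listing in instead of the sample: `ps auxZ | pg_domains`.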