Participants
Ulrich Wisser
Ulrich Wisser
Ian Pilcher
Ian Pilcher
Devrim GÜNDÜZ
Devrim GÜNDÜZ
Lonni J Friedman
Lonni J Friedman
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Ulrich WisserUlrich Wisser
Mar 09, 2005
#2...#8
Devrim GÜNDÜZUlrich WisserLonni J Friedman
to Ulrich Wisser (#1)
Mar 09, 2005
#2Devrim GÜNDÜZDevrim GÜNDÜZto Ulrich Wisser (#1)
Mar 09, 2005
#3Ulrich WisserUlrich Wisserto Devrim GÜNDÜZ (#2)
Mar 09, 2005
#4Lonni J FriedmanLonni J Friedmanto Ulrich Wisser (#3)
Mar 09, 2005
#8Ulrich WisserUlrich Wisserto Lonni J Friedman (#4)
Mar 10, 2005
#5Ian PilcherIan Pilcherto Ulrich Wisser (#1)
Mar 09, 2005
#6Tom LaneTom Laneto Ulrich Wisser (#1)
Mar 09, 2005
#7Ian PilcherIan Pilcherto Tom Lane (#6)
Mar 09, 2005
#9Ulrich WisserUlrich Wisserto Tom Lane (#6)
Mar 10, 2005

Can't start PostgreSQL on Fedora Core3

Started by Ulrich Wisserabout 21 years ago9 messagesgeneral
Jump to latest
#1Ulrich Wisser
Ulrich Wisser
ulrich.wisser@relevanttraffic.se

Hi,

it seems selinix doesn't like postgres. Can I uninstall selinux from
fedora savely? OR is there any way to make them both work together?

Here is my error message:

Mar 9 14:20:33 localhost kernel: audit(1110374433.961:0): avc: denied
{ read } for pid=9251 exe=/usr/bin/postgres name=PG_VERSION dev=dm-1
ino=1255016 scontext=user_u:system_r:postgresql_t
tcontext=root:object_r:var_lib_t tclass=file

Any ideas are welcome!

Thanks

Ulrich

#2Devrim GÜNDÜZ
Devrim GÜNDÜZ
devrim@gunduz.org
In reply to: Ulrich Wisser (#1)
Re: Can't start PostgreSQL on Fedora Core3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Are you using the latest selinux_policy_targeted package? I mean, is your
system up2date?

Regards,
On Wed, 9 Mar 2005, Ulrich Wisser wrote:

Hi,

it seems selinix doesn't like postgres. Can I uninstall selinux from fedora
savely? OR is there any way to make them both work together?

Here is my error message:

Mar 9 14:20:33 localhost kernel: audit(1110374433.961:0): avc: denied {
read } for pid=9251 exe=/usr/bin/postgres name=PG_VERSION dev=dm-1
ino=1255016 scontext=user_u:system_r:postgresql_t
tcontext=root:object_r:var_lib_t tclass=file

Any ideas are welcome!

Thanks

Ulrich

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

- --
Devrim GUNDUZ
devrim~gunduz.org, devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr
http://www.tdmsoft.com http://www.gunduz.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCLvoUtl86P3SPfQ4RAhtKAJ9PAU+3IjRq4oo032ZiXaL9omQmUgCffJ36
yTiQ1KHu33RGd6aHAdhqrWw=
=wKRE
-----END PGP SIGNATURE-----

#3Ulrich Wisser
Ulrich Wisser
ulrich.wisser@relevanttraffic.se
In reply to: Devrim GÜNDÜZ (#2)
Re: Can't start PostgreSQL on Fedora Core3

Sorry,

of course I forgot to mention my installed version. Please find them below:

postgresql-jdbc-7.4.7-3.FC3.1
postgresql-odbc-7.3-8.FC3.1
postgresql-test-7.4.7-3.FC3.1
postgresql-devel-7.4.7-3.FC3.1
postgresql-contrib-7.4.7-3.FC3.1
postgresql-python-7.4.7-3.FC3.1
postgresql-7.4.7-3.FC3.1
postgresql-pl-7.4.7-3.FC3.1
postgresql-server-7.4.7-3.FC3.1
postgresql-tcl-7.4.7-3.FC3.1
postgresql-libs-7.4.7-3.FC3.1
postgresql-docs-7.4.7-3.FC3.1

selinux-policy-targeted-1.17.30-2.85

up2date insists that these packages are all up to date.

Ulrich

Devrim GUNDUZ wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Are you using the latest selinux_policy_targeted package? I mean, is
your system up2date?

Regards,
On Wed, 9 Mar 2005, Ulrich Wisser wrote:

Hi,

it seems selinix doesn't like postgres. Can I uninstall selinux from
fedora savely? OR is there any way to make them both work together?

Here is my error message:

Mar 9 14:20:33 localhost kernel: audit(1110374433.961:0): avc:
denied { read } for pid=9251 exe=/usr/bin/postgres name=PG_VERSION
dev=dm-1 ino=1255016 scontext=user_u:system_r:postgresql_t
tcontext=root:object_r:var_lib_t tclass=file

Any ideas are welcome!

Thanks

Ulrich

---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?

http://archives.postgresql.org

- --
Devrim GUNDUZ devrim~gunduz.org, devrim~PostgreSQL.org,
devrim.gunduz~linux.org.tr
http://www.tdmsoft.com http://www.gunduz.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCLvoUtl86P3SPfQ4RAhtKAJ9PAU+3IjRq4oo032ZiXaL9omQmUgCffJ36
yTiQ1KHu33RGd6aHAdhqrWw=
=wKRE
-----END PGP SIGNATURE-----

--
Ulrich Wisser

RELEVANT TRAFFIC SWEDEN AB, Riddarg 17A, SE-114 57 Sthlm, Sweden
Direct (+46)86789755 || Cell (+46)704467893 || Fax (+46)86789769
________________________________________________________________
http://www.relevanttraffic.com

#4Lonni J Friedman
Lonni J Friedman
netllama@gmail.com
In reply to: Ulrich Wisser (#3)
Re: Can't start PostgreSQL on Fedora Core3

On Wed, 09 Mar 2005 14:38:06 +0100, Ulrich Wisser
<ulrich.wisser@relevanttraffic.se> wrote:

Sorry,

of course I forgot to mention my installed version. Please find them below:

postgresql-jdbc-7.4.7-3.FC3.1
postgresql-odbc-7.3-8.FC3.1
postgresql-test-7.4.7-3.FC3.1
postgresql-devel-7.4.7-3.FC3.1
postgresql-contrib-7.4.7-3.FC3.1
postgresql-python-7.4.7-3.FC3.1
postgresql-7.4.7-3.FC3.1
postgresql-pl-7.4.7-3.FC3.1
postgresql-server-7.4.7-3.FC3.1
postgresql-tcl-7.4.7-3.FC3.1
postgresql-libs-7.4.7-3.FC3.1
postgresql-docs-7.4.7-3.FC3.1

selinux-policy-targeted-1.17.30-2.85

up2date insists that these packages are all up to date.

And you're certain that you're using the targetted policy and not strict?

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
L. Friedman netllama@gmail.com
LlamaLand http://netllama.linux-sxs.org

#5Ian Pilcher
Ian Pilcher
i.pilcher@comcast.net
In reply to: Ulrich Wisser (#1)
Re: Can't start PostgreSQL on Fedora Core3

Ulrich Wisser wrote:

Mar 9 14:20:33 localhost kernel: audit(1110374433.961:0): avc: denied
{ read } for pid=9251 exe=/usr/bin/postgres name=PG_VERSION dev=dm-1
ino=1255016 scontext=user_u:system_r:postgresql_t
tcontext=root:object_r:var_lib_t tclass=file

Try running 'restorecon -n -R -v /var/lib/pgsql'. If it suggests
changes that appear to make sense, run 'restorecon -R -v
/var/lib/pgsql'.

HTH

--
========================================================================
Ian Pilcher i.pilcher@comcast.net
========================================================================

#6Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Ulrich Wisser (#1)
Re: Can't start PostgreSQL on Fedora Core3

Ulrich Wisser <ulrich.wisser@relevanttraffic.se> writes:

it seems selinix doesn't like postgres. Can I uninstall selinux from
fedora savely? OR is there any way to make them both work together?

They should work together as long as you have the latest PG RPMs (which
it seems you do) and a reasonably recent selinux-policy-targeted.

One problem is that selinux-policy-targeted updates don't necessarily
propagate to the security labels of the individual files. I think what
you need to do here is
sudo /sbin/restorecon -R /var/lib/pgsql
to ensure that /var/lib/pgsql and all its contents are correctly labeled
per your current installed selinux policy. The reason for thinking
this is that your error message suggests that
/var/lib/pgsql/data/PG_VERSION is labeled root:object_r:var_lib_t,
which I think is the generic default for files under /var/lib,
while in my (working;-)) install it's labeled postgresql_db_t:
$ sudo ls -Z /var/lib/pgsql/data/PG_VERSION
-rw------- postgres postgres root:object_r:postgresql_db_t /var/lib/pgsql/data/PG_VERSION

There's some history and info about variant problems at
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143208

regards, tom lane

#7Ian Pilcher
Ian Pilcher
i.pilcher@comcast.net
In reply to: Tom Lane (#6)
Re: Can't start PostgreSQL on Fedora Core3

Tom Lane wrote:

One problem is that selinux-policy-targeted updates don't necessarily
propagate to the security labels of the individual files.

Sounds like it might be a good idea to add a trigger to the PostgreSQL
RPM to run restorecon when the SELinux policy is updated.

--
========================================================================
Ian Pilcher i.pilcher@comcast.net
========================================================================

#8Ulrich Wisser
Ulrich Wisser
ulrich.wisser@relevanttraffic.se
In reply to: Lonni J Friedman (#4)
Re: Can't start PostgreSQL on Fedora Core3

Lonni J Friedman wrote:

selinux-policy-targeted-1.17.30-2.85

up2date insists that these packages are all up to date.

And you're certain that you're using the targetted policy and not strict?

To be frank, I am not. I have not the slightest idea what all that
selinux is about (beside security in general). I just went with the
default install and here I am.

Ulrich

--
Ulrich Wisser

RELEVANT TRAFFIC SWEDEN AB, Riddarg 17A, SE-114 57 Sthlm, Sweden
Direct (+46)86789755 || Cell (+46)704467893 || Fax (+46)86789769
________________________________________________________________
http://www.relevanttraffic.com

#9Ulrich Wisser
Ulrich Wisser
ulrich.wisser@relevanttraffic.se
In reply to: Tom Lane (#6)
Re: Can't start PostgreSQL on Fedora Core3

Hi Tom,

sudo /sbin/restorecon -R /var/lib/pgsql

worked like a charm!

Thank you very much!

Ulrich

--
Ulrich Wisser

RELEVANT TRAFFIC SWEDEN AB, Riddarg 17A, SE-114 57 Sthlm, Sweden
Direct (+46)86789755 || Cell (+46)704467893 || Fax (+46)86789769
________________________________________________________________
http://www.relevanttraffic.com

← Back to Topics