pg_dump fails on 7.4 Postgres
This may be my second posting but I think I've done it correctly this time.
At this point, I am unable to do a pg_dump using our new Rec Hat
Enterprise Linux AS 4 version of Postgres which is version 7.4.
Here's what I get when I try to do a pg_dump of our database:
---------------------------------------------------------------------------------------------------------------------------
[~]$
[ ~]$ /usr/bin/pg_dump dcf_20050404 >& /~/dcf_20050404_`date +%y%m%d`.dmp
audit(1115732852.025:0): avc: denied { write } for pid=11023
exe=/usr/bin/pg_dump path=/~/dcf_20050404_050510.dmp
dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t
tcontext=user_u:object_r:file_t tclass=file
audit(1115732852.025:0): avc: denied { write } for pid=11023
exe=/usr/bin/pg_dump path=//~/dcf_20050404_050510.dmp
dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t
tcontext=user_u:object_r:file_t tclass=file
audit(1115732852.028:0): avc: denied { search } for pid=11023
exe=/usr/bin/pg_dump name=/ dev=sda3 ino=2
scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:file_t
tclass=dir
[ ~]$
----------------------------------------------------------------------------------------------------------------------------
Here's Postgres rpm on the machine in question:
----------------------------------------------------------------------------------------------------------------------------
[~]$ rpm -qa | egrep postgres
postgresql-tcl-7.4.6-1.RHEL4.2
postgresql-pl-7.4.6-1.RHEL4.2
postgresql-docs-7.4.6-1.RHEL4.2
postgresql-odbc-7.3-8
postgresql-7.4.6-1.RHEL4.2
postgresql-server-7.4.6-1.RHEL4.2
postgresql-test-7.4.6-1.RHEL4.2
postgresql-libs-7.4.6-1.RHEL4.2
postgresql-jdbc-7.4.6-1.RHEL4.2
postgresql-python-7.4.6-1.RHEL4.2
postgresql-contrib-7.4.6-1.RHEL4.2
postgresql-devel-7.4.6-1.RHEL4.2
[~]$
----------------------------------------------------------------------------------------------------------------------------
"Jimmie H. Apsey" <japsey@futuredental.com> writes:
This may be my second posting but I think I've done it correctly this time.
At this point, I am unable to do a pg_dump using our new Rec Hat
Enterprise Linux AS 4 version of Postgres which is version 7.4.
Here's what I get when I try to do a pg_dump of our database:
---------------------------------------------------------------------------------------------------------------------------
[~]$
[ ~]$ /usr/bin/pg_dump dcf_20050404 >& /~/dcf_20050404_`date +%y%m%d`.dmp
audit(1115732852.025:0): avc: denied { write } for pid=11023
exe=/usr/bin/pg_dump path=/~/dcf_20050404_050510.dmp
dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t
tcontext=user_u:object_r:file_t tclass=file
Looks like your security settings aren't allowing pg_dump to write
files. You should probably talk to Red Hat about how to fix them.
-Doug
"Jimmie H. Apsey" <japsey@futuredental.com> writes:
At this point, I am unable to do a pg_dump using our new Rec Hat
Enterprise Linux AS 4 version of Postgres which is version 7.4.
Here's what I get when I try to do a pg_dump of our database:
[ ~]$ /usr/bin/pg_dump dcf_20050404 >& /~/dcf_20050404_`date +%y%m%d`.dmp
audit(1115732852.025:0): avc: denied { write } for pid=11023
exe=/usr/bin/pg_dump path=/~/dcf_20050404_050510.dmp
dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t
tcontext=user_u:object_r:file_t tclass=file
Hmm, what is the SELinux labeling for pg_dump? Try
$ ls -Z /usr/bin/pg_dump
-rwxr-xr-x root root system_u:object_r:bin_t /usr/bin/pg_dump
If you get something other than that, try "/sbin/restorecon -R /usr/bin"
as root; if that doesn't fix it, you probably need to update your
SELinux policy (RPM selinux-policy-targeted). I am not entirely sure
whether a policy RPM update automatically does the equivalent of
"/sbin/restorecon -R /", but if you don't see the right context after
an update, that's what I'd suggest.
Here's Postgres rpm on the machine in question:
postgresql-7.4.6-1.RHEL4.2
postgresql-server-7.4.6-1.RHEL4.2
I think that was what went out on the RHEL4 CD-ROMs, but why aren't you
running up2date? There are serious known bugs in that version. If
you're paying Red Hat for support, you should be using that support ;-)
regards, tom lane
Tom Lane wrote:
Show quoted text
"Jimmie H. Apsey" <japsey@futuredental.com> writes:
At this point, I am unable to do a pg_dump using our new Rec Hat
Enterprise Linux AS 4 version of Postgres which is version 7.4.
Here's what I get when I try to do a pg_dump of our database:[ ~]$ /usr/bin/pg_dump dcf_20050404 >& /~/dcf_20050404_`date +%y%m%d`.dmp
audit(1115732852.025:0): avc: denied { write } for pid=11023
exe=/usr/bin/pg_dump path=/~/dcf_20050404_050510.dmp
dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t
tcontext=user_u:object_r:file_t tclass=fileHmm, what is the SELinuxWe disabled
the SELinux protection for the postgres deamon and were able to
successfully run pg_dump on our new Red Hat Enterprise Linux AS 4
postgres. Do you have any opinion about this 'fix'?Jim Apsey labeling for pg_dump? Try
$ ls -Z /usr/bin/pg_dump
-rwxr-xr-x root root system_u:object_r:bin_t /usr/bin/pg_dumpIf you get something other than that, try "/sbin/restorecon -R /usr/bin"
as root; if that doesn't fix it, you probably need to update your
SELinux policy (RPM selinux-policy-targeted). I am not entirely sure
whether a policy RPM update automatically does the equivalent of
"/sbin/restorecon -R /", but if you don't see the right context after
an update, that's what I'd suggest.Here's Postgres rpm on the machine in question:
postgresql-7.4.6-1.RHEL4.2
postgresql-server-7.4.6-1.RHEL4.2I think that was what went out on the RHEL4 CD-ROMs, but why aren't you
running up2date? There are serious known bugs in that version. If
you're paying Red Hat for support, you should be using that support ;-)regards, tom lane
Thank you once again Tom Lane. We disabled the SELinux protection for
the postgres daemon and were able to successfully run pg_dump on our
new Red Hat Enterprise Linux AS 4 postgres. Do you have any opinion
about this 'fix'? We have hired a Linux professional and he installed
AS 4 on our new Dell Server. I don't know how we keep things
up-to-date with up2date anymore.Jim Apsey