[colug-432] RHEL6 + Postgres + SELinux = Sadness
josh at globalherald.net
Sun Apr 25 03:00:18 EDT 2010
I have a bit of a quandary here. I am using the RHEL6 64 bit beta and the
PG 8.4.2 that comes with the distro. Under normal circumstances,
everything works fine. However, I'm playing with the XFS filesystem... so
my /opt directory is another volume formatted as XFS. Under /opt I have a
pgdata directory. I've chowned it to postgresql, and configured its
SELinux label thusly:
chcon system_u:object_r:postgresql_db_t:s0 pgdata
The problem occurs with the system init scripts. If I do this:
/usr/sbin/service postgres initdb
...it fails, until I configure SELinux for 'permissive'. If I do the
initdb, then re-activate SELinux and try to:
/usr/sbin/service postgres start
...again, it fails. Under /var/lib/pgsql, the pgstartup.log file says
that there is a 'permission denied' error trying to open
/opt/pgdata/postgresql.conf. Intersting. If I run PG in this manner:
su -l postgres -c "/usr/bin/postmaster -p '5432' -D '/opt/pgdata'"
...everything works fine, I can connect and do selects, etc.
I imagine there is a problem in the domain transition between the init
user and the postgresql user. When I run those commands as root, the root
user is in a different domain than init, so it runs OK.
What is interesting is that setroubleshootd does *not* give any failure
messages as it did under similar circumstances in RHEL5.
Does anyone have experience with this - SELinux in the new RHEL6 beta?
More information about the colug-432