Cory Isaacson <cory.isaacson@compuflex.com> writes:
> I think you may be right. There were some audit access denied messages. I
> had SELinux in permissive mode, but its tricky to work with.
> I generated a new SELinux rule using audit2allow, here is what it looks like
> now. Do you think this is adequate?
If you're keeping the PG data directory in the standard place
(/var/lib/pgsql/data) then you shouldn't need any custom selinux rules.
What is more likely is that the directory accidentally acquired the
wrong selinux label while you were fooling around. "restorecon" is the
easiest way to fix mistakes like that.
If you're trying to put the data directory in a nonstandard place then
you might need some custom rules. This is beyond my personal experience
with selinux, but I seem to recall being told that as long as everything
in the data directory is labeled "postgresql_db_t" then it will work
no matter where it is. What you would want the custom rule for is to
make sure that "restorecon" doesn't relabel the data directory to
something else if someone blindly runs it over the whole filesystem.
regards, tom lane
