On 9/7/2014 9:36 AM, Tom Lane wrote:
> That's not something the PG community can do anything about. If there's a
> bug in the SELinux policy for apache, you need to complain to Red Hat to
> get it fixed.
>
> I suspect though that if you dig a little bit, you will find that this
> case has been foreseen, and there's a SELinux policy boolean that you
> are supposed to set to allow apache processes to do database access.
> A quick browse in the output of "semanage boolean -l" suggests that
> "allow_user_postgresql_connect" might be the right thing, or maybe
> "httpd_can_network_connect_db" ...
the PGDG packagers probably should include some level of database
selinux policy settings. maybe a special RPM that sets the apache
database policy or something.
--
john r pierce 37N 122W
somewhere on the middle of the left coast