RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Postgresql 9.2 connects to its unix stream socket 

When starting postgresql, it fails with the (little saying) error message:
pg_ctl: could not start server

In the denials, we notice:
Nov 24 10:41:52 lerya kernel: [1628900.540506] type=1400
audit(1353750112.021:10143): avc:  denied  { connectto } for  pid=20481
comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=...
scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t
tclass=unix_stream_socket

Hence, allow postgresql to connect to its own stream socket.

Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
This commit is contained in:
Sven Vermeulen 2012-12-17 10:42:43 +01:00 committed by Chris PeBenito
parent e0f7ab0a8a
commit 84497cc8e8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
policy/modules/services/postgresql.te
View File

@ -234,7 +234,7 @@ allow postgresql_t self:shm create_shm_perms;
allow postgresql_t self:tcp_socket create_stream_socket_perms;
allow postgresql_t self:udp_socket create_stream_socket_perms;
allow postgresql_t self:unix_dgram_socket create_socket_perms;
allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
allow postgresql_t self:unix_stream_socket { create_stream_socket_perms connectto };
allow postgresql_t self:netlink_selinux_socket create_socket_perms;
tunable_policy(`sepgsql_transmit_client_label',`
allow postgresql_t self:process { setsockcreate };