Bug 189764

Summary: Postgres dblink not working with SELinux enabled
Product: [Fedora] Fedora Reporter: Manish Gupta <manish>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5CC: dwalsh
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Current Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-03-28 20:06:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Manish Gupta 2006-04-24 14:05:45 UTC 
Recently, I upgraded one of my server from FC4 to FC5. This also upgraded
postgresql to 8.1.3. The upgrade was flawless as my earlier FC4 install was a
vanilla install. Unfortunately, I cannot get dblink to work in this version of
postgresql. I created two fresh databases and tried... still no luck. I keep
getting the following error:

bulbulbo=# select dblink_connect('hostaddr=127.0.0.1 dbname=bulbulfo user=bulbul
password=password');

ERROR:  could not establish connection
DETAIL:  could not connect to server: Permission denied
      Is the server running on host "127.0.0.1" and accepting
      TCP/IP connections on port 5432?

bulbulbo=# select dblink_connect('dbname=bulbulfo user=bulbul');
ERROR:  could not establish connection
DETAIL:  could not connect to server: Permission denied
       Is the server running locally and accepting
       connections on Unix domain socket "/tmp/.s.PGSQL.5432"?


My pg_hba.conf is as follows:
----------------------
local   all         all                               trust
# IPv4 local connections:
host    all         all         127.0.0.1/32          password
host    all         all         192.168.0.0/24        password
host    all         all         10.1.2.0/24           password

# IPv6 local connections:
host    all         all         ::1/128               sameuser
--------------------

The error seems to be client authentication error. I researched and found that
the message "could not establish connection" seems to be coming from dblink.c
(inside contrib/dblink), and it gets triggred when it is unable to create
connection to the database. I though that this may be happening because libpq is
not working properly. So, I compiled a simple program, written in C, that uses
libpq and that program works fine.

However, the dblink works fine when I disable SELinux on the machine. This led
me to believe that this might be happening because of policy.

Thanks

Manish
Comment 1 Daniel Walsh 2006-04-25 00:22:16 UTC 
FIxed in selinux-policy-2.2.34-3.fc5
Comment 3 Daniel Walsh 2007-03-28 20:06:14 UTC 
Closing bugs