Bug 508348
| Field | Value |
|---|---|
| Summary | selinux policy blocks postgresql dblink_connect |
| Product | Red Hat Enterprise Linux 5 |
| Component | selinux-policy |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | low |
| Version | 5.3 |
| Target Milestone | rc |
| Hardware | All |
| OS | Linux |
| Reporter | Jeff Bastian <jbastian> |
| Assignee | Daniel Walsh <dwalsh> |
| QA Contact | BaseOS QE <qe-baseos-auto> |
| CC | cward, mmalik, ohudlick, rlerch, syeghiay, tao |
| Doc Type | Bug Fix |
| Doc Text | Previously, SELinux was blocking the connection created by the dblink_connect functionality of PostgreSQL. With this update, selinux-policy has been updated to allow this connection. |
| Last Closed | 2009-09-02 08:00:54 UTC |
| Bug Blocks | 513501 |

Description
Jeff Bastian
2009-06-26 17:04:27 UTC
Output of 'audit2allow -R' on the AVC errors:

```
require {
    type postgresql_t;
}

#============= postgresql_t ==============
corenet_tcp_connect_postgresql_port(postgresql_t)
```

And indeed, compiling the rules in comment 1 into a module fixes the problem.

```
# cat dblink.te
policy_module(dblink,0.2)

require {
    type postgresql_t;
}

#============= postgresql_t ==============
corenet_tcp_connect_postgresql_port(postgresql_t)

# make
Compiling targeted dblink module
/usr/bin/checkmodule: loading policy configuration from tmp/dblink.tmp
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 6) to tmp/dblink.mod
Creating targeted dblink.pp policy package
rm tmp/dblink.mod tmp/dblink.mod.fc

# semodule -i dblink.pp

...

testdb=> SELECT dblink_connect('hostaddr=127.0.0.1 dbname=testdb user=test password=test');
 dblink_connect
----------------
 OK
(1 row)
```

Fixed in selinux-policy-2.4.6-249.el5

Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team.

New Contents:
Previously, SELinux was blocking the connection created by the dblink_connect functionality of PostgreSQL. With this update, selinux-policy has been updated to allow this connection.

An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1242.html
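
The report does not include the AVC records themselves. As an added example (not part of the bug report or of selinux-policy), this Python code collapses AVC denials into raw allow rules so the scope of the `audit2allow -R` result can be checked before loading a module: `corenet_tcp_connect_postgresql_port(postgresql_t)` corresponds to `name_connect` on `postgresql_port_t:tcp_socket` only. The audit lines, PIDs, timestamps and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the bug report); the AVC fields
# are assumed to match what a dblink_connect to 127.0.0.1:5432 would log.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1246035867.123:101): avc:  denied  { name_connect } for  pid=2841 comm="postgres" dest=5432 scontext=user_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1246035869.456:102): avc:  denied  { name_connect } for  pid=2841 comm="postgres" dest=5432 scontext=user_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1246035900.789:103): avc:  denied  { getattr } for  pid=3001 comm="httpd" path="/srv/x" scontext=user_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file
type=SYSCALL msg=audit(1246035867.123:101): arch=c000003e syscall=42 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def denials_to_rules(log_text, source_type=None):
    """Collapse AVC denials into deduplicated raw allow rules.

    source_type limits the output to one confined domain, so denials
    from unrelated services never end up in the same local module.
    """
    perms_by_key = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial (e.g. the paired SYSCALL record)
        src, tgt = selinux_type(m["scon"]), selinux_type(m["tcon"])
        if source_type and src != source_type:
            continue
        perms_by_key[(src, tgt, m["tclass"])].update(m["perms"].split())
    return [
        f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
        for (s, t, c), p in sorted(perms_by_key.items())
    ]

if __name__ == "__main__":
    for rule in denials_to_rules(SAMPLE_AUDIT_LOG, source_type="postgresql_t"):
        print(rule)
```

Filtering on the source domain keeps the local module limited to the one permission the PostgreSQL server needs for dblink; a rule list that shows more than `name_connect` to `postgresql_port_t` for `postgresql_t` deserves review before it is compiled.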