| Summary: | Cannot initialize postgresql when unconfined is removed | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Josh <jokajak> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.1 | CC: | dwalsh, mmalik |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-12-09 09:59:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
You need to use the latest selinux-policy. Fixed in selinux-policy-3.7.19-124.el6

(In reply to comment #3)
> Fixed in selinux-policy-3.7.19-124.el6

confirmed
Description of problem:
postgresql server cannot be initialized when unconfined module is removed

Version-Release number of selected component (if applicable):
3.7.19-93.el6_1.7.noarch

How reproducible:
always

Steps to Reproduce:
1. semodule -d unconfined
2. run_init service postgresql initdb
3.

Actual results:
database partially initialized

Expected results:
databases fully initialized

Additional info:
----
time->Tue Nov 8 18:11:11 2011
type=PATH msg=audit(1320793871.557:29976): item=1 name="/var/lib/pgsql/data/pg_log" inode=3801731 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:postgresql_db_t:s0
type=PATH msg=audit(1320793871.557:29976): item=0 name="/var/lib/pgsql/data/" inode=3801142 dev=fd:00 mode=040700 ouid=26 ogid=26 rdev=00:00 obj=system_u:object_r:postgresql_db_t:s0
type=CWD msg=audit(1320793871.557:29976): cwd="/"
type=SYSCALL msg=audit(1320793871.557:29976): arch=c000003e syscall=83 success=yes exit=0 a0=7fff8f12cf50 a1=1ff a2=7fff8f12cf50 a3=a items=2 ppid=3890 pid=3961 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=2 comm="mkdir" exe="/bin/mkdir" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1320793871.557:29976): avc: denied { create } for pid=3961 comm="mkdir" name="pg_log" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:postgresql_db_t:s0 tclass=dir
----
time->Tue Nov 8 18:11:11 2011
type=PATH msg=audit(1320793871.559:29977): item=0 name="/var/lib/pgsql/data/pg_log" inode=3801731 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:postgresql_db_t:s0
type=CWD msg=audit(1320793871.559:29977): cwd="/"
type=SYSCALL msg=audit(1320793871.559:29977): arch=c000003e syscall=260 success=yes exit=0 a0=ffffffffffffff9c a1=fc37e0 a2=1a a3=1a items=1 ppid=3890 pid=3962 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts3 ses=2 comm="chown" exe="/bin/chown" subj=system_u:system_r:initrc_t:s0 key="perm_mod"
type=AVC msg=audit(1320793871.559:29977): avc: denied { setattr } for pid=3962 comm="chown" name="pg_log" dev=dm-0 ino=3801731 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:postgresql_db_t:s0 tclass=dir
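
Added example, not part of the original report or of selinux-policy: a small Python parser that pairs each AVC denial in the audit output above with its SYSCALL record by audit serial number, then groups the denied permissions by source type, target type and object class. The function names are hypothetical and `SAMPLE` is constructed by trimming the report's own records to the fields used.

```python
import re
from collections import defaultdict

# Constructed sample: the report's SYSCALL and AVC records, trimmed to the fields used here.
SAMPLE = """\
type=SYSCALL msg=audit(1320793871.557:29976): arch=c000003e syscall=83 success=yes exit=0 comm="mkdir" exe="/bin/mkdir" subj=system_u:system_r:initrc_t:s0
type=AVC msg=audit(1320793871.557:29976): avc: denied { create } for pid=3961 comm="mkdir" name="pg_log" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:postgresql_db_t:s0 tclass=dir
type=SYSCALL msg=audit(1320793871.559:29977): arch=c000003e syscall=260 success=yes exit=0 comm="chown" exe="/bin/chown" subj=system_u:system_r:initrc_t:s0
type=AVC msg=audit(1320793871.559:29977): avc: denied { setattr } for pid=3962 comm="chown" name="pg_log" dev=dm-0 ino=3801731 scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:object_r:postgresql_db_t:s0 tclass=dir
"""

EVENT_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)$")
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def fields(text):
    """Turn 'k=v k2="v 2"' audit text into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(text)}

def parse_denials(log):
    """Return one dict per AVC denial, joined to its SYSCALL record by serial."""
    syscalls, denials = {}, []
    for line in log.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # separators such as '----' and 'time->' lines
        rtype, _stamp, serial, body = m.groups()
        if rtype == "SYSCALL":
            syscalls[serial] = fields(body)
        elif rtype == "AVC":
            a = AVC_RE.search(body)
            if not a:
                continue
            f = fields(a.group(2))
            denials.append({
                "serial": serial, "perms": a.group(1).split(),
                "comm": f.get("comm"), "name": f.get("name"),
                "source_type": f.get("scontext", ":::").split(":")[2],
                "target_type": f.get("tcontext", ":::").split(":")[2],
                "tclass": f.get("tclass")})
    for d in denials:  # join after the loop: record order within an event varies
        d["syscall_success"] = syscalls.get(d["serial"], {}).get("success")
    return denials

def summarize(denials):
    """Group denied permissions by (source type, target type, class)."""
    grouped = defaultdict(set)
    for d in denials:
        grouped[(d["source_type"], d["target_type"], d["tclass"])].update(d["perms"])
    return {k: sorted(v) for k, v in grouped.items()}
```

Run over the report's records, `summarize` collapses both denials into a single entry: `initrc_t` acting on `postgresql_db_t` directories with `create` and `setattr`.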