Bug 162769 - users can't create/use postgres databases
Summary: users can't create/use postgres databases
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted   
(Show other bugs)
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords: FutureFeature
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-08 15:23 UTC by Alexandre Oliva
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-20 03:47:17 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Alexandre Oliva 2005-07-08 15:23:10 UTC
Some of my users would like to create their own databases using postgres. 
AFAICT, the targeted policy won't let them do it.  Couldn't they be relaxed
(perhaps with a boolean) so as to enable databases to be created and run in say
users' home dirs, some NFS mounted, some local to the server where they'd run
the database servers?

Comment 1 Daniel Walsh 2005-07-14 16:01:36 UTC
I believe the targeted policy should allow a user to do this.

The postgres application should not transition unless run as a server.

Comment 2 Alexandre Oliva 2005-07-15 03:48:44 UTC
Err...  It certainly doesn't allow a user to run postmaster to have the database
listening on some (non-standard) port, and this is precisely what my user
needed.  I ended up suggesting them to copy the binaries to their own home dir,
such that transitions wouldn't occur and they'd be able to run the servers, but
then, should updates be released, they won't take them automatically, which is
very bad.

Since stopping users from running the database server properly will just lead
them to such undesirable behavior, since they have to get their job done, why
not get the default policy to take care of that already?

Comment 3 Daniel Walsh 2005-07-15 03:56:32 UTC
Ok, I midunderstood,  Could you give me a step by step example of what a user
would do to setup a personal database.  (I have never used postgres before.)

Comment 4 Alexandre Oliva 2005-07-15 05:04:44 UTC
initdb -D ~/mydb # to create the database in ~/mydb
postmaster -D ~/mydb # to start the server

FWIW, this works in FC4 and rawhide, but not in FC3 (as of last Friday).  I
*thought* I'd tested on FC4 as well, and it failed, but since it now works,
maybe I didn't?  Or maybe the recent updates fixed it?

Anyhow, I've changed the but to reflect that the problem affects FC3 only.  This
lowers its priority for me, since I'm very soon rolling FC4 out on the lab.

Comment 5 Daniel Walsh 2005-07-15 17:45:11 UTC
Yes, I was looking at FC4.  In FC3 unconfined_t was transitioning by default on
all targets.  We have removed this in FC4.  It only happens when you start
things via the initscripts.  Seems to more closely match peoples expectations. 
 I really don't want to update FC3 any more, so I will hold off on this until I
have to update it.  FC4 is nice... :^)


Note You need to log in before you can comment on or make changes to this bug.