Bug 189764 - Postgres dblink not working with SELinux enabled
Postgres dblink not working with SELinux enabled
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
5
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-24 10:05 EDT by Manish Gupta
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-28 16:06:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Manish Gupta 2006-04-24 10:05:45 EDT
Recently, I upgraded one of my server from FC4 to FC5. This also upgraded
postgresql to 8.1.3. The upgrade was flawless as my earlier FC4 install was a
vanilla install. Unfortunately, I cannot get dblink to work in this version of
postgresql. I created two fresh databases and tried... still no luck. I keep
getting the following error:

bulbulbo=# select dblink_connect('hostaddr=127.0.0.1 dbname=bulbulfo user=bulbul
password=password');

ERROR:  could not establish connection
DETAIL:  could not connect to server: Permission denied
      Is the server running on host "127.0.0.1" and accepting
      TCP/IP connections on port 5432?

bulbulbo=# select dblink_connect('dbname=bulbulfo user=bulbul');
ERROR:  could not establish connection
DETAIL:  could not connect to server: Permission denied
       Is the server running locally and accepting
       connections on Unix domain socket "/tmp/.s.PGSQL.5432"?


My pg_hba.conf is as follows:
----------------------
local   all         all                               trust
# IPv4 local connections:
host    all         all         127.0.0.1/32          password
host    all         all         192.168.0.0/24        password
host    all         all         10.1.2.0/24           password

# IPv6 local connections:
host    all         all         ::1/128               sameuser
--------------------

The error seems to be client authentication error. I researched and found that
the message "could not establish connection" seems to be coming from dblink.c
(inside contrib/dblink), and it gets triggred when it is unable to create
connection to the database. I though that this may be happening because libpq is
not working properly. So, I compiled a simple program, written in C, that uses
libpq and that program works fine.

However, the dblink works fine when I disable SELinux on the machine. This led
me to believe that this might be happening because of policy.

Thanks

Manish
Comment 1 Daniel Walsh 2006-04-24 20:22:16 EDT
FIxed in selinux-policy-2.2.34-3.fc5
Comment 3 Daniel Walsh 2007-03-28 16:06:14 EDT
Closing bugs

Note You need to log in before you can comment on or make changes to this bug.