Re: SELinux + CREATE TABLESPACE = ?

Lists: pgsql-general
From: David Fetter <david(at)fetter(dot)org>
To: PostgreSQL General <pgsql-general(at)postgresql(dot)org>
Subject: SELinux + CREATE TABLESPACE = ?
Date: 2006-08-02 23:47:36
Message-ID: 20060802234736.GG13822@fetter.org

Folks,

This may have come up before, but I didn't see a specific answer in
the archives.

When I try to do:

CREATE TABLESPACE foo LOCATION '/path/to/foo/which/is/not/under/$PGDATA';

I get:

ERROR: could not set permissions on directory "/path/to/foo/which/is/not/under/$PGDATA"

Apparently this is a SELinux problem. How do I set the policy to
allow for this, or if that's not possible, how do I disable SELinux?

Thanks in advance :)

Cheers,
D
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
phone: +1 415 235 3778 AIM: dfetter666
Skype: davidfetter

Remember to vote!


From: David Fetter <david(at)fetter(dot)org>
To: PostgreSQL General <pgsql-general(at)postgresql(dot)org>
Subject: Re: SELinux + CREATE TABLESPACE = ?
Date: 2006-08-03 01:24:40
Message-ID: 20060803012440.GO13822@fetter.org

On Wed, Aug 02, 2006 at 04:47:36PM -0700, David Fetter wrote:
> Folks,
>
> This may have come up before, but I didn't see a specific answer in
> the archives.
>
> When I try to do:
>
> CREATE TABLESPACE foo LOCATION '/path/to/foo/which/is/not/under/$PGDATA';
>
> I get:
>
> ERROR: could not set permissions on directory "/path/to/foo/which/is/not/under/$PGDATA"
>
> Apparently this is a SELinux problem. How do I set the policy to
> allow for this, or if that's not possible, how do I disable SELinux?
>
> Thanks in advance :)

Pardon my self-followup for the archives :)

Thanks to Talha Khan, who said:

> setenforce 1;
>
> will disable SELINUX

Thanks also to Clodoaldo Pinto, who said:

> >Apparently this is a SELinux problem.
>
> Confirm it by looking for a message in /var/log/messages.
>
> >How do I set the policy to allow for this,
>
> This Fedora FAQ is good:
> http://fedora.redhat.com/docs/selinux-faq-fc5/#faq-div-controlling-selinux
>
> >or if that's not possible, how do I disable SELinux?
>
> edit /etc/selinux/config

Cheers,
D
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
phone: +1 415 235 3778 AIM: dfetter666
Skype: davidfetter

Remember to vote!


From: "Just Someone" <just(dot)some(at)gmail(dot)com>
To: "PostgreSQL General" <pgsql-general(at)postgresql(dot)org>
Subject: Re: SELinux + CREATE TABLESPACE = ?
Date: 2006-08-03 07:10:34
Message-ID: 36932f270608030010s92bc2f2rd11e445e60041960@mail.gmail.com

If you'd rather keep SELinux on, you can still set the SELinux context
on the directory where you want the tablespaces to one postgres will
like.

To find what permissions you need, you can use ls -Z. It will
list the SELinux context. Check /var/lib/pgsql/data (or wherever
postgres data is pointing to), and then set this same permission on
the target dir using chcon.

For example, on my FC4 system all subdirectories on the data directory have:
root:object_r:postgresql_db_t or user_u:object_r:postgresql_db_t

So if you want to change /path/to/foo/which/is/not/under/pgdata, run
(as root or sudo):

chcon root:object_r:postgresql_db_t /path/to/foo/which/is/not/under/pgdata

This way postgres can access it, and you get the SELinux security.

Bye,

Guy.

http://www.famundo.com
http://devblog.famundo.com
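
The ls -Z comparison described in the message above, as an added example that is not part of the original thread: it extracts the SELinux type from `ls -dZ` output for the data directory and the tablespace directory and prints the chcon command that would align them. It goes slightly beyond the message by accepting both the older and the newer `ls -dZ` layouts; the function names, the /srv/tblspc path and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample lines are constructed.

# Print the first whitespace-separated field that looks like an SELinux
# context (user:role:type, optionally followed by :level) in an `ls -dZ` line.
# Fields containing "/" are skipped so a path is never taken for a context.
context_of() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ "^[^:/]+:[^:/]+:[^:/]+(:.*)?$") { print $i; exit }
    }'
}

# Print the type, which is the third colon-separated field of a context.
type_of() {
    printf '%s\n' "$1" | cut -d: -f3
}

# relabel_plan REF_LINE TARGET_LINE TARGET_PATH
# Prints "ok" when both types match, a chcon command when they differ,
# and returns 1 when either line carries no context (no label to compare).
relabel_plan() {
    ref_type=$(type_of "$(context_of "$1")")
    cur_type=$(type_of "$(context_of "$2")")
    if [ -z "$ref_type" ] || [ -z "$cur_type" ]; then
        echo "no SELinux context found" >&2
        return 1
    fi
    if [ "$ref_type" = "$cur_type" ]; then
        echo "ok"
    else
        echo "chcon -t $ref_type $3"
    fi
}

# Constructed sample lines: older (FC4-style) and newer `ls -dZ` layouts.
REF_OLD='drwx------  postgres postgres root:object_r:postgresql_db_t /var/lib/pgsql/data'
TGT_OLD='drwx------  postgres postgres user_u:object_r:default_t /srv/tblspc'
REF_NEW='system_u:object_r:postgresql_db_t:s0 /var/lib/pgsql/data'

relabel_plan "$REF_OLD" "$TGT_OLD" /srv/tblspc          # differs: prints a chcon command
relabel_plan "$REF_NEW" "$REF_OLD" /var/lib/pgsql/data  # same type: prints ok
```

On a live system the two lines come from `ls -dZ` on each directory. A label set with chcon can be reset by a filesystem relabel; `semanage fcontext -a -t` followed by `restorecon` records the type in policy so it persists.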