Hi Nathan,
On Wed, 2015-09-09 at 16:56 +0200, Tadej JaneÅ wrote:
> Here are the relevant contents from /var/log/audit/audit.log:
> [...]
> type=AVC msg=audit(1441809789.805:1589): avc: denied { search } for
> pid=5088 comm="perl" name="pgsql" dev="sda1" ino=15399
> scontext=system_u:system_r:pcp_pmcd_t:s0
> tcontext=system_u:object_r:postgresql_db_t:s0 tclass=dir permissive=0
> type=AVC msg=audit(1441809789.805:1590): avc: denied { write } for
> pid=5088 comm="perl" name=".s.PGSQL.5432" dev="tmpfs" ino=20492
> scontext=system_u:system_r:pcp_pmcd_t:s0
> tcontext=system_u:object_r:postgresql_var_run_t:s0 tclass=sock_file
> permissive=0
> [...]
>
> I can confirm this is a SELinux problem, since executing "setenforce 0"
> temporarily fixes the problem.
>
> This is a vanilla Fedora 22 machine with:
> postgresql-9.4.4-1.fc22.x86_64
> pcp-3.10.6-1.fc22.x86_64
> pcp-pmda-postgresql-3.10.6-1.fc22.x86_64
> selinux-policy-targeted-3.13.1-122.fc22.noarch
> perl-DBD-Pg-3.5.1-1.fc22.x86_64
>
> If you prefer, I can file a proper bug report, just tell me where to.
I filled a bug report against Fedora's SELinux policy about this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1262909
Best regards,
Tadej
|