Re: [GENERAL] pg_dump fails on 7.4 Postgres
Tom Lane wrote: Jimmie H. Apsey [EMAIL PROTECTED] writes: At this point, I am unable to do a pg_dump using our new Rec Hat Enterprise Linux AS 4 version of Postgres which is version 7.4. Here's what I get when I try to do a pg_dump of our database: [ ~]$ /usr/bin/pg_dump dcf_20050404 /~/dcf_20050404_`date +%y%m%d`.dmp audit(1115732852.025:0): avc: denied { write } for pid=11023 exe=/usr/bin/pg_dump path=/~/dcf_20050404_050510.dmp dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t tcontext=user_u:object_r:file_t tclass=file Hmm, what is the SELinuxWe disabled the SELinux protection for the postgres deamon and were able to successfully run pg_dump on our new Red Hat Enterprise Linux AS 4 postgres. Do you have any opinion about this 'fix'? Jim Apsey labeling for pg_dump? Try $ ls -Z /usr/bin/pg_dump -rwxr-xr-x root root system_u:object_r:bin_t /usr/bin/pg_dump If you get something other than that, try /sbin/restorecon -R /usr/bin as root; if that doesn't fix it, you probably need to update your SELinux policy (RPM selinux-policy-targeted). I am not entirely sure whether a policy RPM update automatically does the equivalent of /sbin/restorecon -R /, but if you don't see the right context after an update, that's what I'd suggest. Here's Postgres rpm on the machine in question: postgresql-7.4.6-1.RHEL4.2 postgresql-server-7.4.6-1.RHEL4.2 I think that was what went out on the RHEL4 CD-ROMs, but why aren't you running up2date? There are serious known bugs in that version. If you're paying Red Hat for support, you should be using that support ;-) regards, tom lane Thank you once again Tom Lane. We disabled the SELinux protection for the postgres daemon and were able to successfully run pg_dump on our new Red Hat Enterprise Linux AS 4 postgres. Do you have any opinion about this 'fix'? We have hired a Linux professional and he installed AS 4 on our new Dell Server. I don't know how we keep things up-to-date with up2date anymore. Jim Apsey ---(end of broadcast)--- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
[GENERAL] pg_dump fails on 7.4 Postgres
This may be my second posting but I think I've done it correctly this time. At this point, I am unable to do a pg_dump using our new Rec Hat Enterprise Linux AS 4 version of Postgres which is version 7.4. Here's what I get when I try to do a pg_dump of our database: --- [~]$ [ ~]$ /usr/bin/pg_dump dcf_20050404 /~/dcf_20050404_`date +%y%m%d`.dmp audit(1115732852.025:0): avc: denied { write } for pid=11023 exe=/usr/bin/pg_dump path=/~/dcf_20050404_050510.dmp dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t tcontext=user_u:object_r:file_t tclass=file audit(1115732852.025:0): avc: denied { write } for pid=11023 exe=/usr/bin/pg_dump path=//~/dcf_20050404_050510.dmp dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t tcontext=user_u:object_r:file_t tclass=file audit(1115732852.028:0): avc: denied { search } for pid=11023 exe=/usr/bin/pg_dump name=/ dev=sda3 ino=2 scontext=user_u:system_r:postgresql_t tcontext=system_u:object_r:file_t tclass=dir [ ~]$ Here's Postgres rpm on the machine in question: [~]$ rpm -qa | egrep postgres postgresql-tcl-7.4.6-1.RHEL4.2 postgresql-pl-7.4.6-1.RHEL4.2 postgresql-docs-7.4.6-1.RHEL4.2 postgresql-odbc-7.3-8 postgresql-7.4.6-1.RHEL4.2 postgresql-server-7.4.6-1.RHEL4.2 postgresql-test-7.4.6-1.RHEL4.2 postgresql-libs-7.4.6-1.RHEL4.2 postgresql-jdbc-7.4.6-1.RHEL4.2 postgresql-python-7.4.6-1.RHEL4.2 postgresql-contrib-7.4.6-1.RHEL4.2 postgresql-devel-7.4.6-1.RHEL4.2 [~]$ ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq
Re: [GENERAL] pg_dump fails on 7.4 Postgres
Jimmie H. Apsey [EMAIL PROTECTED] writes: This may be my second posting but I think I've done it correctly this time. At this point, I am unable to do a pg_dump using our new Rec Hat Enterprise Linux AS 4 version of Postgres which is version 7.4. Here's what I get when I try to do a pg_dump of our database: --- [~]$ [ ~]$ /usr/bin/pg_dump dcf_20050404 /~/dcf_20050404_`date +%y%m%d`.dmp audit(1115732852.025:0): avc: denied { write } for pid=11023 exe=/usr/bin/pg_dump path=/~/dcf_20050404_050510.dmp dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t tcontext=user_u:object_r:file_t tclass=file Looks like your security settings aren't allowing pg_dump to write files. You should probably talk to Red Hat about how to fix them. -Doug ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [GENERAL] pg_dump fails on 7.4 Postgres
Jimmie H. Apsey [EMAIL PROTECTED] writes: At this point, I am unable to do a pg_dump using our new Rec Hat Enterprise Linux AS 4 version of Postgres which is version 7.4. Here's what I get when I try to do a pg_dump of our database: [ ~]$ /usr/bin/pg_dump dcf_20050404 /~/dcf_20050404_`date +%y%m%d`.dmp audit(1115732852.025:0): avc: denied { write } for pid=11023 exe=/usr/bin/pg_dump path=/~/dcf_20050404_050510.dmp dev=sda3 ino=5522308 scontext=user_u:system_r:postgresql_t tcontext=user_u:object_r:file_t tclass=file Hmm, what is the SELinux labeling for pg_dump? Try $ ls -Z /usr/bin/pg_dump -rwxr-xr-x root root system_u:object_r:bin_t /usr/bin/pg_dump If you get something other than that, try /sbin/restorecon -R /usr/bin as root; if that doesn't fix it, you probably need to update your SELinux policy (RPM selinux-policy-targeted). I am not entirely sure whether a policy RPM update automatically does the equivalent of /sbin/restorecon -R /, but if you don't see the right context after an update, that's what I'd suggest. Here's Postgres rpm on the machine in question: postgresql-7.4.6-1.RHEL4.2 postgresql-server-7.4.6-1.RHEL4.2 I think that was what went out on the RHEL4 CD-ROMs, but why aren't you running up2date? There are serious known bugs in that version. If you're paying Red Hat for support, you should be using that support ;-) regards, tom lane ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]