How does SELinux affect the /home directory?
Posted by Matt Solnit on Server Fault
Published on 2009-06-26T17:22:07Z
Hi everyone. I'm migrating a CentOS 5.3 system from MySQL to PostgreSQL. The way our machine is set up is that the biggest disk partition is mounted to /home. This is out of my control and is managed by the hosting provider. Anyway, we obviously want the database files to be on /home for this reason.

With MySQL, we did the following:

- Edited my.cnf and changed the datadir setting to /home/mysql
- Added a new "File type" policy record (I hope I'm using the right terminology) to set /home/mysql(/.*)? to mysqld_db_t
- Ran restorecon -R /home/mysql to assign the labels

and everything was good.

With PostgreSQL, however, I did the following:

- Edited /etc/init.d/postgresql and changed the PGDATA and PGLOG variables to /home/pgsql/data and /home/pgsql/pgstartup.log, respectively
- Added a new policy record to set /home/pgsql/pgstartup.log to postgresql_log_t
- Added a new policy record to set /home/pgsql/data(/.*)? to postgresql_db_t
- Ran restorecon -R /home/pgsql to assign the labels

At this point, I still cannot start PostgreSQL. pgstartup.log says:

    # cat pgstartup.log
    postmaster cannot access the server configuration file "/home/pgsql/data/postgresql.conf": Permission denied

The weird thing is that I don't see any messages related to this in /var/log/messages or /var/log/secure, but if I turn off SELinux, then everything works.

I made sure all the permissions are correct (600 for files and 700 for directories), as well as the ownership (postgres:postgres).

Can anyone tell me what I am doing wrong?

I'm using the Yum repository from commandprompt.com, version 8.3.7.

EDIT: The reason my question specifically mentions the /home directory is that if I go through all these steps for any other directory, e.g. /var/lib/pgsql2 or /usr/local/pgsql, then it works as expected.