10:22 PM postgresql cannot access server configuration file |
Faced access denied error when attempting to start postgresql 9.2 with custom database path on CentOS 7: ~]$ sudo systemctl start postgresql.service ~]$ systemctl status postgresql.service The file had been actually in place and with the right permissions and all the dir permissions seemed right too. It was SELinux limiting access to the postgres database files in the non-standard location. Examining the /var/log/audit/audit.log quickly revealed that. The log had the denial record like that: type=AVC msg=audit(1437920005.070:1886): avc: denied { getattr } for pid=5732 comm="postgres" path="/var/pgsql/data/postgresql.conf" dev="dm-0" ino=779014 scontext=system_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file The dir listing with SELinux context had: ~]$ sudo ls -Z /var/pgsql/data
... The most secure way is to relabel corresponding files and to adjust selinux file contexts. In my case the custom location was /var/pgsql/ Initially I did relabel my db files. Since I had no log files yet, it was enough to do just: sudo sudo chcon -R system_u:object_r:postgresql_db_t:s0 /var/pgsql/ You may also have to execute chcon system_u:object_r:postgresql_log_t:s0 on whatever log files you have. Add your new location of the db and log files location's contexts to selinux fcontext. Since in my case the custom location was /var/pgsql/, - I added:
sudo semanage fcontext -a -t postgresql_db_t '/var/pgsql(/.*)?' After all this magic, postgresql was able to successfully start with the database in my custom location. If you don't have to be that secure, you may just set SELinux into permissive mode, or turn it off (not recommended). See how. Good luck :-) |
|
Total comments: 0 | |