SELinux/PostgreSQL "denied { open } for [..] comm="pg_ctl" path="$PGDATA/postgresql.conf"
Solution 1:
Why change the data directory? That just makes your life complicated. You could have mounted the filesystem at the point of the default data directory, and everything would have just worked. It would also be easier to understand and maintain.
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/volgroup-pgsql 1.1T 128K 1.1T 1% /var/lib/pgsql
If you really mean to keep the non-default data directory, then you need to tell SELinux what contexts to apply to that directory and its contents. This is done with semanage fcontext. In this case, we're going to use the --equal option to make your non-default directory have the same contexts as the default directory /var/lib/pgsql.
semanage fcontext --add --equal /var/lib/pgsql /srv/postgres
From the man page:
-e EQUAL, --equal EQUAL
Substitute target path with sourcepath when generating default
label. This is used with fcontext. Requires source and target
path arguments. The context labeling for the target subtree is
made equivalent to that defined for the source.
This is persistent, but it doesn't change existing labels. To finish up, you'll need to run restorecon to reset all the labels.
restorecon -rv /srv/postgres
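
To confirm that the equivalence rule and the relabel described above took effect, this added example (not part of the original answer) compares the on-disk SELinux type of every file under the data directory with the type the policy expects. The function names are hypothetical; it assumes `matchpathcon` and GNU `stat` are installed and that paths contain no whitespace.

```bash
#!/bin/bash
# Added example: verify labels after "semanage fcontext --equal" + "restorecon".
# Usage: ./check-labels.sh /srv/postgres   (script name is hypothetical)

# Extract the type field (3rd colon-separated field) from an SELinux context,
# e.g. user:role:type:range -> type. MLS ranges may contain extra colons,
# but they come after the type, so field 3 is still correct.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "path actual_context expected_context" lines on stdin and print every
# path whose type differs from what the policy expects.
# Returns 1 if at least one mismatch was found, 0 otherwise.
# Only the type is compared: restorecon without -F leaves the user and role
# fields of an existing label alone.
report_mismatches() {
    local bad=0 path actual expected
    while read -r path actual expected; do
        if [ "$(ctx_type "$actual")" != "$(ctx_type "$expected")" ]; then
            printf '%s: %s (policy expects %s)\n' \
                "$path" "$(ctx_type "$actual")" "$(ctx_type "$expected")"
            bad=1
        fi
    done
    return "$bad"
}

# Walk a directory tree and feed each file's current label (stat -c %C) and
# the label the loaded file-context rules would assign (matchpathcon -n)
# into report_mismatches.
check_tree() {
    local dir=$1 f
    find "$dir" -print | while IFS= read -r f; do
        printf '%s %s %s\n' "$f" "$(stat -c %C "$f")" "$(matchpathcon -n "$f")"
    done | report_mismatches
}

# Run the check only when a directory is given on the command line.
if [ $# -gt 0 ]; then
    check_tree "$1"
fi
```

No output and exit status 0 means every file already carries the type the policy assigns; any path printed still needs `restorecon`.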