Do you actually want the data to be available to both domains at the same time? Or could you set up different directories?
If you want them to be both available you could label it postgresql_db_t, and then turn on the samba_export_all_ro_boolean or samba_export_all_rw_boolean. If this was too loose you could run in permissive mode and gather the AVCs and then use audit2allow to build a custom policy module for your access.
On 03/31/2014 10:18 AM, Alessandro Baggi wrote:
Hi list, I'm new to CentOS and I have very little knowledge of SELinux use.
I can disable it, but I prefer to keep it on for study.
I've a second mirrored device that I use for file sharing. This is the scenario:
/dev/md2 mounted on /mnt/data
To make samba work I must set the file context of the path /mnt/data to samba_share_t. After this samba works.
Now I'm setting up postgresql on the same machine, and for first disk size I must use /dev/md2.
After configuring the postgresql script to init the db, and setting up the alternative data path pointing to /mnt/data/pgsql/data, initdb or starting postgresql fails. This issue is selinux related.
Now, the directory /mnt/data/pgsql/data has the fcontext samba_share_t and the postgresql init script gives permission denied on /mnt/data/pgsql/data/postgresql.conf.
At this point I've tried to set /mnt/data to postgresql_db_t with chcon, rerun initdb and /etc/init.d/postgresql start, and all works fine, except for samba. I can't access the share anymore (because of the context change).
I've tried to set:
/mnt/data to samba_share_t
/mnt/data/pgsql to postgresql_db_t
but with this config it is pgsql that does not work.
At this point, is it possible to set multiple contexts on /mnt/data to get samba and postgresql working on the same path, or must I use "public....."?
Is it a better choice to mount /dev/md2 on /mnt/data, make two dirs, one for pgsql and another for sambashare, set the relative contexts and start the services?
Thanks in advance.
Alessandro.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
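The reply at the top of this thread suggests running in permissive mode, gathering the AVCs and building a custom module with audit2allow. As an added example (not part of the thread), this Python script groups AVC denials by source domain, target type and class into audit2allow-style allow rules, so the access a custom module would grant can be reviewed before it is loaded. The audit log lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log lines for illustration; not taken from the thread.
SAMPLE_LOG = """\
type=AVC msg=audit(1396275480.101:510): avc:  denied  { read } for  pid=2210 comm="postgres" name="postgresql.conf" dev=md2 ino=131 scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=file
type=AVC msg=audit(1396275480.102:511): avc:  denied  { open } for  pid=2210 comm="postgres" name="postgresql.conf" dev=md2 ino=131 scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=file
type=AVC msg=audit(1396275480.110:512): avc:  denied  { search } for  pid=2210 comm="postgres" name="data" dev=md2 ino=130 scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=system_u:object_r:samba_share_t:s0 tclass=dir
type=SYSCALL msg=audit(1396275480.110:512): arch=c000003e syscall=2 success=yes exit=3 comm="postgres"
type=AVC msg=audit(1396275491.007:530): avc:  denied  { getattr } for  pid=2301 comm="smbd" path="/mnt/data/pgsql" dev=md2 ino=129 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:postgresql_db_t:s0 tclass=dir
"""

# Captures the denied permissions, both security contexts and the object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def collect_denials(log_text):
    """Map (source domain, target type, class) to the set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if "type=AVC" not in line:
            continue  # skip SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if not m:
            continue  # AVC record that is not a denial (e.g. granted)
        key = (selinux_type(m["s"]), selinux_type(m["t"]), m["cls"])
        rules[key].update(m["perms"].split())
    return rules


def render_allow_rules(rules):
    """Render the grouped denials as policy allow statements, sorted for review."""
    return [
        f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }};"
        for (src, tgt, cls), perms in sorted(rules.items())
    ]


if __name__ == "__main__":
    print("\n".join(render_allow_rules(collect_denials(SAMPLE_LOG))))
```

Each rendered line names one domain-to-type grant; a rule such as `postgresql_t` on `samba_share_t` applies to every file carrying that label, not only the ones under /mnt/data.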