[CentOS] Centos and Selinux issue

Mon Mar 31 18:22:54 UTC 2014
Daniel J Walsh <dwalsh at redhat.com>

Do you actually want the data to be available to both domains at the
same time?  Or could you setup different directories? 

If you want them to be both available you could label it
postgresql_db_t, and then turn on the samba_export_all_ro_boolean or
samba_export_all_rw_boolean.  If this was to loose you could run in
permissive mode and gather the AVC's and then use audit2allow to build a
custom policy module for your access.

On 03/31/2014 10:18 AM, Alessandro Baggi wrote:
> Hi list,
> I'm new to Centos and I've a very small knowledge of selinux use.
> I can disable it, but I prefer take it on for study.
> I've a second mirrored device that I use for file sharing.
> This is the scenario:
> /dev/md2 mounted on /mnt/data
> To make samba working I must set the file context to the path at 
> samba_share_t on /mnt/data. After this samba works.
> Now I'm setting up postgresql on the same machine, and for first disk 
> size I must use /dev/md2.
> After configuring postgresql script to init the db, and setting up the 
> alternative data path pointing to /mnt/data/pgsql/data, initdb or start 
> postgresql fail. This issue is selinux related.
> Now, directory /mnt/data/pgsql/data, has fcontext to samba_share_t and 
> postgresql init script give permission denied on 
> /mnt/data/pgsql/data/postgresql.conf.
> At this point I've tried to set with chcon /mnt/data at postgresql_db_t, 
> rerun initdb and /etc/init.d/postgresql start and all works fine, except 
> for samba. I can't access anymore the share (for context change).
> I've tried to set:
> /mnt/data to samba_share_t
> /mnt/data/pgsql to postgresql_db_t
> but with this config is pgsql that does not work.
> At this point, is possible set to /mnt/data a multiple context to make 
> samba and postgresql to get working on the same path, or I must use 
> "public....."
> It's a better choice mount /dev/md2 on /mnt/data, make to dirs, one for 
> pgsql and another for sambashare, set relative context and start services?
> Thanks in advance.
> Alessandro.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos