|
PostgreSQL dblink & SELinux |
|
This article describes how to setup SELinux to allow PostgreSQL dblink contrib module. If you're running SELinux and trying to use dblink module, SELinux forbids dblink to connect. Typically error looks like that: ERROR: could not establish connection
could not connect to server: Permission denied
Is the server running on host "127.0.0.1" and accepting
TCP/IP connections on port 5432? To allow dblink to work you need to create new SELinux module. So first create file dblink.te with the rule that will allow dblink to connect: module dblink 1.0;
require {
type postgresql_port_t;
type postgresql_t;
class tcp_socket name_connect;
class unix_stream_socket connectto;
}
#============= postgresql_t ==============
allow postgresql_t postgresql_port_t:tcp_socket name_connect;
allow postgresql_t self:unix_stream_socket connectto; File: dblink.te and then install it: checkmodule -M -m -o dblink.mod dblink.te
semodule_package -o dblink.pp -m dblink.mod
semodule -i dblink.pp Tested on Fedora 8 & PostgreSQL 8.3.3
|
