When I updated to dev-db/postgresql-server-9.2.1 I discovered that I wasn't able to start the postgresql server correctly. In fact it starts but openrc still thinks it fails:

root@lerya ~ # /etc/init.d/postgresql-9.2 start
Authenticating root.
Yubikey for root:
* Starting PostgreSQL ...
pg_ctl: could not start server
Examine the log output.
* start-stop-daemon: failed to start `/usr/lib/postgresql-9.2/bin/pg_ctl'
* Check the log for a possible explanation of the above error.
* /var/lib/postgresql/9.2/data/postmaster.log [ !! ]
* ERROR: postgresql-9.2 failed to start
----

The postmaster.log is all green but /var/log/avc.log is not:

Nov 24 10:41:52 lerya kernel: [1628900.540506] type=1400 audit(1353750112.021:10143): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:41:53 lerya kernel: [1628901.541540] type=1400 audit(1353750113.022:10144): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:41:54 lerya kernel: [1628902.542653] type=1400 audit(1353750114.023:10145): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:41:55 lerya kernel: [1628903.543523] type=1400 audit(1353750115.024:10146): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:41:56 lerya kernel: [1628904.544533] type=1400 audit(1353750116.025:10147): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:41:57 lerya kernel: [1628905.545521] type=1400 audit(1353750117.026:10148): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:41:58 lerya kernel: [1628906.546530] type=1400 audit(1353750118.027:10149): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:41:59 lerya kernel: [1628907.547519] type=1400 audit(1353750119.028:10150): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:42:00 lerya kernel: [1628908.548588] type=1400 audit(1353750120.029:10152): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
----

I added the following rule and everything worked well:

'allow postgresql_t self:unix_stream_socket connectto;'

root@lerya ~ ## /etc/init.d/postgresql-9.2 start
Authenticating root.
Yubikey for root:
* Starting PostgreSQL ... [ ok ]
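
How the repeated denials in the report collapse into the single rule the reporter added, shown as an added example (not part of the original report and not Gentoo's or audit2allow's code). The names AVC_RE, context_type and denials_to_rules are hypothetical; the sample input is built from two of the log lines above plus one constructed non-AVC line.

```python
import re
from collections import defaultdict

# Constructed sample: first and last denial from the report (ipaddr elided as
# in the post), preceded by a constructed non-AVC kernel line to be skipped.
SAMPLE_LOG = """\
Nov 24 10:41:51 lerya kernel: [1628899.000000] constructed non-AVC line
Nov 24 10:41:52 lerya kernel: [1628900.540506] type=1400 audit(1353750112.021:10143): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
Nov 24 10:42:00 lerya kernel: [1628908.548588] type=1400 audit(1353750120.029:10152): avc: denied { connectto } for pid=20481 comm="pg_ctl" path="/run/postgresql/.s.PGSQL.5432" ipaddr=... scontext=system_u:system_r:postgresql_t tcontext=system_u:system_r:postgresql_t tclass=unix_stream_socket
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def denials_to_rules(log_text):
    """Group AVC denials by (source type, target type, class) into allow rules."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial
        src = context_type(m["scontext"])
        tgt = context_type(m["tcontext"])
        if tgt == src:
            tgt = "self"  # policy keyword: the target is the source type itself
        grouped[(src, tgt, m["tclass"])].update(m["perms"].split())
    rules = []
    for (src, tgt, tclass), perms in sorted(grouped.items()):
        names = sorted(perms)
        perm_text = names[0] if len(names) == 1 else "{ " + " ".join(names) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {perm_text};")
    return rules

if __name__ == "__main__":
    print("\n".join(denials_to_rules(SAMPLE_LOG)))
```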
thanks, in repo, will be in r9
r9 in hardened-dev overlay
r9 in main repo, ~arch'ed
Forgot to mention... stabilized a while ago ;)