X-Original-To: pgsql-docs-postgresql.org@localhost.postgresql.org
Received: from localhost (unknown [200.46.204.144])
	by svr1.postgresql.org (Postfix) with ESMTP id 289845343D
	for <pgsql-docs-postgresql.org@localhost.postgresql.org>;
	Fri,  6 May 2005 12:57:51 -0300 (ADT)
Received: from svr1.postgresql.org ([200.46.204.71])
	by localhost (av.hub.org [200.46.204.144]) (amavisd-new, port 10024)
	with ESMTP id 32973-06
	for <pgsql-docs-postgresql.org@localhost.postgresql.org>;
	Fri,  6 May 2005 15:57:48 +0000 (GMT)
Received: from sss.pgh.pa.us (sss.pgh.pa.us [66.207.139.130])
	by svr1.postgresql.org (Postfix) with ESMTP id 4091953419
	for <pgsql-docs@postgresql.org>; Fri,  6 May 2005 12:57:47 -0300 (ADT)
Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1])
	by sss.pgh.pa.us (8.13.1/8.13.1) with ESMTP id j46FvlgT015122;
	Fri, 6 May 2005 11:57:47 -0400 (EDT)
To: Jeff - <threshar@torgo.978.org>
Cc: pgsql-docs@postgresql.org
Subject: Re: SELinux & Redhat 
In-reply-to: <6CD32D5F-B466-4E6D-9E73-CFB8957B396F@torgo.978.org> 
References: <BCAFEEBE-43EC-446F-95CF-A920CD43FE36@torgo.978.org>
	<14695.1115393034@sss.pgh.pa.us>
	<6CD32D5F-B466-4E6D-9E73-CFB8957B396F@torgo.978.org>
Comments: In-reply-to Jeff - <threshar@torgo.978.org>
	message dated "Fri, 06 May 2005 11:46:26 -0400"
Date: Fri, 06 May 2005 11:57:47 -0400
Message-ID: <15121.1115395067@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
X-Virus-Scanned: by amavisd-new at hub.org
X-Spam-Status: No, hits=0.006 tagged_above=0 required=5 tests=AWL
X-Spam-Level: 
X-Archive-Number: 200505/11
X-Sequence-Number: 2976

Jeff - <threshar@torgo.978.org> writes:
> When I run pg_dump w/these settings the following happens running  
> pg_dump (.broken is hte original file from the rpm)

> bash-3.00$ /usr/bin/pg_dump.broken planet
> bash-3.00$

Does it work if you direct the output into a file, instead of letting it
come to your terminal (which seems a bit useless anyway)?

I've been bugging dwalsh about the fact that the selinux policy
disallows writes to /dev/tty to things it thinks are daemons;
that seems pretty stupid.  But pg_dump isn't a daemon so there's
no reason for it to be restricted this way anyway...

> and what is interesting is it seems only sometimes things get logged  
> to syslog about the failure.

Someone told me there's a rate limit on selinux complaints going to
syslog, to keep it from swamping your logs.  I suspect there are some
actual bugs there too, because I've noticed cases where an action was
blocked and there wasn't any log message, nor enough activity to
justify a rate limit.  Feel free to file a bugzilla report if you can
get a reproducible case.

			regards, tom lane