Re: Possible Bug - error creating a tablespace

So I think I *may* have found a bug but I want to be sure before I file a bug.
I did a search on the pgsql-bugs list using the search text:

cannot create tablespace

and got nothing back.

Here's the scenario:

1) we installed CentOS 5.3 x86_64 on a 64bit Dell server

2) I installed the pgdg_centos-8.3-6.noarch rpm in order to enable the 8.3.x
repo.

3) I used yum to install postgres and friends

4) Here's the weird part:
-- If I start the cluster via "sudo /etc/init.d/postgres start" and then try
and create a tablespace it fails with :

create tablespace benchmark2 location '/eq5/pwbbench';
ERROR: could not set permissions on directory "/eq5/pwbbench": Permission
denied

-- however if I start the db as user postgres with:

pg_ctl -D /var/lib/pgsql/data start

and then create the tablespace it works.

Likewise if I create the tablespace after starting the cluster via pg_ctl and
then subsequently restart the db via 'sudo /etc/init.d/postgres start' I get
errors trying to insert data into the previously created tablespace but if I
start the cluster with pg_ctl (as user postgres) then I can also add data to
the tablespace.

I see that in the /etc/init.d/postgres file the start command is running the
postmaster (not pg_ctl) as user postgres.

So, based on the above I suspect Its a bug but I wanted to be sure.

Thoughts?

Kevin Kempter <kevink(at)consistentstate(dot)com> writes:
> 4) Here's the weird part:
> -- If I start the cluster via "sudo /etc/init.d/postgres start" and then try
> and create a tablespace it fails with :

> create tablespace benchmark2 location '/eq5/pwbbench';
> ERROR: could not set permissions on directory "/eq5/pwbbench": Permission
> denied

> -- however if I start the db as user postgres with:

> pg_ctl -D /var/lib/pgsql/data start
> and then create the tablespace it works.

SELinux ... in the first case SELinux recognizes the postmaster as being
a daemon it ought to restrict, in the second case it just thinks it's
an interactive program.

In general, using tablespaces under SELinux requires labeling their root
directories properly; postgresql_db_t if memory serves.

regards, tom lane

On 09/23/2009 04:30 PM, Tom Lane wrote:
> Kevin Kempter <kevink(at)consistentstate(dot)com> writes:
>> 4) Here's the weird part:
>> -- If I start the cluster via "sudo /etc/init.d/postgres start" and then try
>> and create a tablespace it fails with :
>
>> create tablespace benchmark2 location '/eq5/pwbbench';
>> ERROR: could not set permissions on directory "/eq5/pwbbench": Permission
>> denied
>
>> -- however if I start the db as user postgres with:
>
>> pg_ctl -D /var/lib/pgsql/data start
>> and then create the tablespace it works.
>
> SELinux ... in the first case SELinux recognizes the postmaster as being
> a daemon it ought to restrict, in the second case it just thinks it's
> an interactive program.
>
> In general, using tablespaces under SELinux requires labeling their root
> directories properly; postgresql_db_t if memory serves.
>
> regards, tom lane
>

from my notes about Selinux and postgresql under Fedora 11.

try executing the following, in one line as root:

semanage fcontext -a --seuser system_u -t postgresql_db_t
'/eq5/pwbbench(/.*)?'

and after:

restorecon -R -v /eq5/pwbbench