Posted Jul 10, 2008 2:49 UTC (Thu) by jwb (guest, #15467)
Parent article: SELinux and Fedora

I recently ran into this. Having never used RHEL before, I was forced to use it on a certain
postgres server. I installed the machine with some postgres files on one device, and some
others on another device, and a symlink pointing between the filesystems. I could not get
postgres to start, even though I've installed it that way dozens of times. All I saw were
"permission denied" messages in the log file, but when I checked the file permissions
everything was normal. I even checked getfacl to see if there was some mystery ACL standing
in my way.

It was many hours before I found out that SELinux, for reasons unknown to me, does not allow
the traversal of a symlink between filesystems. Needless to say, I completely disabled
SELinux on that machine. I'm a 10-year veteran of Linux system administration and that
SELinux policy cost me half a day and a good deal of frustration. The benefits, if any, of
SELinux are not obvious. I'd be inclined to disable it by default unless customers are
actually out there clamoring for this hassle.