authorPavel Raiskup <praiskup@redhat.com>2015-03-17 17:02:28 +0100
committerPavel Raiskup <praiskup@redhat.com>2015-03-18 08:47:27 +0100
commit0a7189b8084e75ad36e36491ccffd2ad1e0b7f34 (patch)
tree839c24f15f298b37f3723207c64f3b511e9a6eb1
parent124140f530d07a951a96be21d1a3cce406c38f0b (diff)
postgresql-ctl: fix SCLs & SELinux
* postgresql.init.in: Use 'postgres' binary instead of 'postmaster', because it has proper selinux context. * postgresql.service.in: Use postgresql-ctl everywhere, to make sure that correct selinux context is used even with SCL.
-rw-r--r--postgresql-ctl.in21
-rw-r--r--postgresql.init.in6
-rw-r--r--postgresql.service.in11
3 files changed, 26 insertions, 12 deletions
diff --git a/postgresql-ctl.in b/postgresql-ctl.in
index 05bf60b..feef1d2 100644
--- a/postgresql-ctl.in
+++ b/postgresql-ctl.in
@@ -1,7 +1,20 @@
#!/bin/bash
-# This script is compat-wrapper for PGPORT specifying directly in
-# postgresql.service. There is not possible to do conditional step in service
-# file based on (non)existence of PGPORT variable.
+# Thin wrapper arount pg_ctl.
+#
+# This file exists for the following reasons:
+#
+# * It is s compat-wrapper for the cases when PGPORT *is* set directly in
+# postgresql.service (nowadays users should configure port directly in
+# postgresql.conf). This is hack which allows us to do a conditional step
+# before running pg_ctl (which is not allowed by systemd).
+#
+# * This helper script is necessary for having proper SELinux context of daemon
+# process run in SCL environment via systemd/sysvinit service file. Without
+# this script the process looses SELinux type because /usr/bin/scl
+# has context bin_t and 'unit_t -> bin_t' results in unconfined process.
+# This file must thus have 'postgresql_exec_t' fcontext.
-@bindir@/pg_ctl "$@" ${PGPORT+-o "-p $PGPORT"}
+@SCL_SOURCE@
+
+exec @bindir@/pg_ctl "$@" ${PGPORT+-o "-p $PGPORT"}
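Review bot: The new `exec` line keeps `${PGPORT+-o "-p $PGPORT"}`, which expands whenever PGPORT is set, so a PGPORT that is set but empty (for example `PGPORT=` in a unit override) hands pg_ctl `-o "-p "`. Writing `${PGPORT:+-o "-p $PGPORT"}` skips the option for an empty value; the same expansion is carried over in the start() hunk of postgresql.init.in. pg_ctl passes the `-o` string on to the server command line, so rejecting a non-numeric PGPORT before the `exec` would also be a cheap safeguard. The new header comment has three typos worth fixing in the same pass: "arount", "It is s" and "looses".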
diff --git a/postgresql.init.in b/postgresql.init.in
index b3bd560..aadd3dd 100644
--- a/postgresql.init.in
+++ b/postgresql.init.in
@@ -87,7 +87,7 @@ script_result=0
start()
{
- [ -x "$PGENGINE/postmaster" ] || exit 5
+ [ -x "$PGENGINE/postgres" ] || exit 5
PSQL_START=$"Starting ${NAME} service: "
@@ -114,7 +114,7 @@ start()
# postmaster is down. This just unnecessarily wastes time and generates
# too much (false) rush in $PGLOG.
run_cmd_as_dbadmin \
- "$PGENGINE/postmaster ${PGPORT+-o "-p $PGPORT"} \
+ "$PGENGINE/postgres ${PGPORT+-o "-p $PGPORT"} \
-D '$PGDATA' ${PGOPTS} &" \
"$PGLOG" "$PGLOG"
@@ -207,7 +207,7 @@ case "$1" in
stop
;;
status)
- status -p "$pidfile" postmaster
+ status -p "$pidfile" postgres
script_result=$?
;;
restart)
diff --git a/postgresql.service.in b/postgresql.service.in
index 560114d..897f732 100644
--- a/postgresql.service.in
+++ b/postgresql.service.in
@@ -30,11 +30,12 @@ Environment=PG_OOM_ADJUST_VALUE=0
ExecStartPre=@libexecdir@/postgresql-check-db-dir %N
-# Temporarily use postgresql-ctl wrapper around pg_ctl until there will
-# exist clients which set PGPORT in service file.
-ExecStart=@SCL_SHELL_WRAPPER@@libexecdir@/postgresql-ctl start -D ${PGDATA} -s -w -t 300
-ExecStop=@SCL_SHELL_WRAPPER@@bindir@/pg_ctl stop -D ${PGDATA} -s -m fast
-ExecReload=@SCL_SHELL_WRAPPER@@bindir@/pg_ctl reload -D ${PGDATA} -s
+# Use convenient postgresql-ctl wrapper instead of directly pg_ctl. See the
+# postgresql-ctl file itself for more info.
+
+ExecStart=@libexecdir@/postgresql-ctl start -D ${PGDATA} -s -w -t 300
+ExecStop=@libexecdir@/postgresql-ctl stop -D ${PGDATA} -s -m fast
+ExecReload=@libexecdir@/postgresql-ctl reload -D ${PGDATA} -s
# Give a reasonable amount of time for the server to start up/shut down
TimeoutSec=300
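Review bot: With the SCL shell wrapper dropped from ExecStart, ExecStop and ExecReload, SELinux confinement of the daemon now rests on `@libexecdir@/postgresql-ctl` carrying the `postgresql_exec_t` label that its header comment requires, and nothing visible in this commit sets or checks that label. If the label is missing (plausible for an SCL install prefix the base policy does not cover, though that is not visible here), the service would presumably still start but outside the intended domain, which is easy to miss. I would record the dependency next to the Exec lines, e.g. `# postgresql-ctl must be labelled postgresql_exec_t (check with ls -Z); otherwise the server is not confined by SELinux.`, and confirm that the packaging installs a matching file context.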