I am having trouble with SELinux and PostgreSQL. I am running Fedora 17 (Beefy Miracle) and PostgreSQL 9.1.6. For my system I am required to remove the 'postgres' user as being the owner of all the DB files as well as the DB superuser. I have created [anotheruser] and have been able to accomplish most of that by making modifications to postgresql.conf (et al.). I can get that modified service to start by:
'systemctl enable [another].service'
Which starts up the postgres server processes as [anotheruser] and pointing to the directory I specified when I ran 'initdb' as [anotheruser] rather than the default of /var/lib/pgsql ...
However, one of the standard places postgres wants to create sockets for local unix connections is in '/var/run/postgresql'. In my modifications above I had postgresql.conf point to [another/socket/dir] rather than the default. This works... except for SELinux. Applications like pgadmin and psql and ruby/rails attempt to connect to the postgresql server at the default location and NOT the one I specify in postgresql.conf. I can make a symbolic link:
ln -s [another/socket/dir] /var/run/postgresql
and this will allow those apps to connect properly <-- however, this link does not survive a reboot due to SELinux policy <-- at reboot the policy keeps changing the directory back to:
ls -altdZ /var/run/postgresql
drwxr-xr-x. postgres postgres system_u
...so, my link to [another/socket/dir] gets crushed each reboot. I am completely green with SELinux policy and am struggling with selinux commands like "semanage fcontext" and "semodule" and so on and simply am lost at how to eliminate this policy (or modify it) so that SELinux leaves the /var/run/postgresql directory alone.
Any hints as to the proper direction are appreciated.