From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-137789-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1SNHXQ-0002PR-QZ
	for garchives@archives.gentoo.org; Thu, 26 Apr 2012 05:47:01 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 17B00E0712;
	Thu, 26 Apr 2012 05:46:29 +0000 (UTC)
Received: from smtpq1.gn.mail.iss.as9143.net (smtpq1.gn.mail.iss.as9143.net [212.54.34.164])
	by pigeon.gentoo.org (Postfix) with ESMTP id 13EA8E06CC
	for <gentoo-user@lists.gentoo.org>; Thu, 26 Apr 2012 05:45:07 +0000 (UTC)
Received: from [212.54.34.135] (helo=smtp4.gn.mail.iss.as9143.net)
	by smtpq1.gn.mail.iss.as9143.net with esmtp (Exim 4.71)
	(envelope-from <joost@antarean.org>)
	id 1SNHVr-0004zd-41
	for gentoo-user@lists.gentoo.org; Thu, 26 Apr 2012 07:45:07 +0200
Received: from 5ed027d6.cm-7-1a.dynamic.ziggo.nl ([94.208.39.214] helo=data.antarean.org)
	by smtp4.gn.mail.iss.as9143.net with esmtp (Exim 4.71)
	(envelope-from <joost@antarean.org>)
	id 1SNHVp-00058m-PN
	for gentoo-user@lists.gentoo.org; Thu, 26 Apr 2012 07:45:07 +0200
Received: from localhost (localhost [127.0.0.1])
	by data.antarean.org (Postfix) with ESMTP id C2EDE2A8F
	for <gentoo-user@lists.gentoo.org>; Thu, 26 Apr 2012 07:46:12 +0200 (CEST)
X-Virus-Scanned: amavisd-new at antarean.org
Received: from data.antarean.org ([127.0.0.1])
	by localhost (data.antarean.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id qJTTQWI8uHmV for <gentoo-user@lists.gentoo.org>;
	Thu, 26 Apr 2012 07:46:11 +0200 (CEST)
Received: from www.antarean.org (net.antarean.org [10.10.11.5])
	by data.antarean.org (Postfix) with ESMTP id EA64A16E8
	for <gentoo-user@lists.gentoo.org>; Thu, 26 Apr 2012 07:46:10 +0200 (CEST)
Received: from 62.132.204.73
        (SquirrelMail authenticated user joost)
        by www.antarean.org with HTTP;
        Thu, 26 Apr 2012 07:46:10 +0200
Message-ID: <bc77886c31c4a32e77d5b79e06660613.squirrel@www.antarean.org>
In-Reply-To: <20120423132130.GA11404@squareownz.org>
References: <20120423132130.GA11404@squareownz.org>
Date: Thu, 26 Apr 2012 07:46:10 +0200
Subject: Re: [gentoo-user] Postgres suddenly can't access files in its /etc
 directory
From: "J. Roeleveld" <joost@antarean.org>
To: gentoo-user@lists.gentoo.org
User-Agent: SquirrelMail/1.4.21
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3 (Normal)
Importance: Normal
Content-Transfer-Encoding: quoted-printable
X-Ziggo-spambar: /
X-Ziggo-spamscore: -0.9
X-Ziggo-spamreport: BAYES_00=-1.9,KHOP_DYNAMIC=0.001,RDNS_DYNAMIC=0.982,T_RP_MATCHES_RCVD=-0.01
X-Ziggo-Spam-Status: No
X-Spam-Status: No
X-Spam-Flag: No
X-Archives-Salt: 1dd9534f-c1ad-4f2a-a1ea-d412a772fe13
X-Archives-Hash: 1e476516366d4b5337be8a72c4fff54f

On Mon, April 23, 2012 3:21 pm, napalm@squareownz.org wrote:
> I'm unsure if I should be posting this to the -hardened mailing list as
> I'm using the hardened profile but all of a sudden I'm getting a rather
> strange error when trying to start postgres.
>
> # /etc/init.d/postgresql-9.1 start
>  * Caching service dependencies ...                                    =
  [
> ok ]
>  * The following file(s) are not readable by 'postgres':
>  *     /etc/postgresql-9.1/postgresql.conf
>  *     /etc/postgresql-9.1/pg_ident.conf
>  *     /etc/postgresql-9.1/pg_hba.conf
>  * HINT: Try: 'chmod 644 /etc/postgresql-9.1/*.conf'
>  * ERROR: postgresql-9.1 failed to start
>
> That's what I'm getting when I attempt to start it and I don't seem to
> have modified anything.
>
> Looking into the init script I can see it's doing su postgres -c "test =
-r
> /etc/postgresql-9.1/pg_hba.conf" and the like but the output of:
> 	su postgres -c "test -r /etc/postgresql-9.1/pg_hba.conf" || echo "fail=
"
> is fail... so I'm quite at a loss as to what could be going on here. Al=
l
> of the files are owned by postgres, have the correct permissions (I ran
> chmod 644 as it hinted) and it should be able to traverse to the direct=
ory
> as everything has the execute bit from /etc onwards.
>
> Any tips?

I don't have much experience with Hardenened, but are you certain that an=
y
permissions (including ACLs) are set correctly for PostgreSQL to access
all its files?

Do you have "sec-policy/selinux-postgresql" installed? And did you
re-emerge this after the update?

--
Joost