21.4. Configuration Examples
21.4.1. PostgreSQL Changing Database Location
When using Red Hat Enterprise Linux, the default location for PostgreSQL to store its database is /var/lib/pgsql/data/. This is where SELinux expects it to be by default, and hence this area is already labeled appropriately for you, using the postgresql_db_t type.
The area where the database is located can be changed depending on individual environment requirements or preferences; however, it is important that SELinux is aware of the new location and that it is labeled accordingly. This example explains how to change the location of a PostgreSQL database and then how to label the new location so that SELinux can still provide its protection mechanisms to the new area based on its contents.
Note that this is an example only and demonstrates how SELinux can affect PostgreSQL. Comprehensive documentation of PostgreSQL is beyond the scope of this document. See the official PostgreSQL documentation for further details. This example assumes that the postgresql-server package is installed.
1. View the SELinux context of the default database location for postgresql:

    ~]# ls -lZ /var/lib/pgsql
    drwx------. postgres postgres system_u:object_r:postgresql_db_t:s0 data

   This shows postgresql_db_t, which is the default context element for the location of database files. This context will have to be manually applied to the new database location that will be used in this example in order for it to function properly.

2. Create a new directory for the new location of the database(s). In this example, /opt/postgresql/data/ is used. If you use a different location, replace the text in the following steps with your location:

    ~]# mkdir -p /opt/postgresql/data

3. Perform a directory listing of the new location. Note that the initial context of the new directory is usr_t. This context is not sufficient for SELinux to offer its protection mechanisms to PostgreSQL. Once the context has been changed, it will be able to function properly in the new area.

    ~]# ls -lZ /opt/postgresql/
    drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 data

4. Change the ownership of the new location to allow access by the postgres user and group. This sets the traditional Unix permissions, which SELinux will still observe.

    ~]# chown -R postgres:postgres /opt/postgresql

5. Open the /etc/systemd/system/postgresql.service file with a text editor and modify the PGDATA and PGLOG variables to point to the new location:

    ~]# vi /etc/systemd/system/postgresql.service
    PGDATA=/opt/postgresql/data
    PGLOG=/opt/postgresql/data/pgstartup.log

   Save this file and exit the text editor. If the /etc/systemd/system/postgresql.service file does not exist, create it and insert the following content:

    .include /lib/systemd/system/postgresql.service
    [Service]
    # Location of database directory
    Environment=PGDATA=/opt/postgresql/data
    Environment=PGLOG=/opt/postgresql/data/pgstartup.log

6. Initialize the database in the new location:

    ~]$ su - postgres -c "initdb -D /opt/postgresql/data"
7. Having changed the database location, starting the service will fail at this point:

    ~]# systemctl start postgresql.service
    Job for postgresql.service failed. See 'systemctl status postgresql.service' and 'journalctl -xn' for details.

   SELinux has caused the service to not start, because the new location is not properly labeled. The following steps explain how to label the new location (/opt/postgresql/) and start the postgresql service properly.

8. Use the semanage utility to add a context mapping for /opt/postgresql/ and any other directories/files within it:

    ~]# semanage fcontext -a -t postgresql_db_t "/opt/postgresql(/.*)?"

9. This mapping is written to the /etc/selinux/targeted/contexts/files/file_contexts.local file:

    ~]# grep -i postgresql /etc/selinux/targeted/contexts/files/file_contexts.local
    /opt/postgresql(/.*)?    system_u:object_r:postgresql_db_t:s0

   Because the mapping is stored in the policy's file contexts rather than applied only to the files themselves, it persists across a full filesystem relabel.

10. Now use the restorecon utility to apply this context mapping to the running system:

    ~]# restorecon -R -v /opt/postgresql

11. Now that the /opt/postgresql/ location has been labeled with the correct context for PostgreSQL, the postgresql service will start successfully:

    ~]# systemctl start postgresql.service

12. Confirm the context is correct for /opt/postgresql/:

    ~]$ ls -lZ /opt
    drwxr-xr-x. root root system_u:object_r:postgresql_db_t:s0 postgresql

13. Check with the ps command that the postgresql process displays the new location:

    ~]# ps aux | grep -i postmaster
    postgres 21564 0.3 0.3 42308 4032 ? S 10:13 0:00 /usr/bin/postmaster -p 5432 -D /opt/postgresql/data/

14. The location has been changed and labeled, and postgresql has started successfully. At this point all running services should be tested to confirm normal operation.
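The following script is an added example, not part of the Red Hat documentation: it checks, from "ls -lZ" listings and file_contexts.local lines, that a relocated data directory carries the postgresql_db_t type and that a persistent fcontext mapping covers it, which is what the procedure above establishes by hand. It assumes the five-field "ls -lZ" layout shown in this procedure; the listings and mapping line at the bottom are constructed samples.

```shell
#!/bin/sh
# Added example (not from the Red Hat documentation). Verifies SELinux labeling
# of a relocated PostgreSQL data directory using constructed "ls -lZ" output and
# a constructed file_contexts.local line, so it runs without a live SELinux host.
# Assumes the five-field "ls -lZ" layout: perms owner group context name.

# Print the SELinux type (third field of user:role:type:level) of one "ls -lZ" line.
label_type() {
    printf '%s\n' "$1" | awk '{ split($4, ctx, ":"); print ctx[3] }'
}

# check_listing EXPECTED_TYPE   (listing on stdin)
# Report every entry whose type differs from EXPECTED_TYPE; return 1 if any did.
check_listing() {
    expected="$1"; rc=0
    while IFS= read -r line; do
        case "$line" in ''|total*) continue ;; esac
        t=$(label_type "$line")
        name=${line##* }
        if [ "$t" != "$expected" ]; then
            echo "MISLABELED: $name is $t, expected $expected"
            rc=1
        fi
    done
    return "$rc"
}

# mapping_covers PATH EXPECTED_TYPE   (file_contexts.local content on stdin)
# Return 0 if some mapping regex fully matches PATH and carries EXPECTED_TYPE,
# i.e. restorecon would set that type on PATH; return 1 otherwise.
mapping_covers() {
    path="$1"; expected="$2"
    while read -r regex ctx; do
        [ -z "$regex" ] && continue
        ctx_type=$(printf '%s\n' "$ctx" | awk -F: '{ print $3 }')
        if printf '%s\n' "$path" | grep -Eq "^${regex}\$" && [ "$ctx_type" = "$expected" ]; then
            return 0
        fi
    done
    return 1
}

# Constructed samples mirroring the listings shown in the procedure above.
BEFORE_RESTORECON='drwxr-xr-x. root root unconfined_u:object_r:usr_t:s0 data'
AFTER_RESTORECON='drwxr-xr-x. root root system_u:object_r:postgresql_db_t:s0 data'
MAPPING='/opt/postgresql(/.*)? system_u:object_r:postgresql_db_t:s0'

# Before restorecon the directory is still usr_t, so the check reports it.
printf '%s\n' "$BEFORE_RESTORECON" | check_listing postgresql_db_t || echo "relabel needed: restorecon -R -v /opt/postgresql"
printf '%s\n' "$MAPPING" | mapping_covers /opt/postgresql/data postgresql_db_t && echo "mapping covers /opt/postgresql/data"
```

On a real host, feed it "ls -lZ /opt/postgresql" and the file_contexts.local file instead of the samples; a MISLABELED line after restorecon indicates the mapping regex does not cover that path.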