-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
psycopg2.errors.InsufficientPrivilege: permission denied for schema public #1239
Comments
This seems like an issue with the user creation rather than with keylime. It seems that now in Postgres 15 you need to give the user permissions to create within the public schema, which was just globally allowed in <15. Or am I missing something? |
I believe you are right. The question is how to approach it on keylime side. Either update some docs we have, maybe drop a comment to keylime.conf. Or maybe handle the error a bit nicer. Or do nothing. |
In my experience working with databases, from an application standpoint you assume the person knows how to configure the users on their database. If there were special permissions that are needed you would mention them in the docs, but I don't know how special this is. Schema creation is pretty necessary for most applications, but I guess it couldn't hurt to mention in the docs that the db user needs permissions to create tables in the configured database/namespace. |
Is your issue a feature request? If so, please raise it as an enhancement
Environment
Description
With pgsql database backend there is a traceback when verifier and registrar start.
This is most likely caused by a change introduced in PostgreSQL 15
https://www.cybertec-postgresql.com/en/error-permission-denied-schema-public/
Expected behavior vs. actual behavior
no traceback, verifier starts properly
Steps to reproduce problem
Scenario is automated in e2e test /functional/db-postgresql-sanity-on-localhost
it is sufficient to schedule it on Fedora Rawhide (basically any keylime PR tested today through Packit CI will be failing on Rawhide because of it).
The text was updated successfully, but these errors were encountered: