--- /root/public_html/policy/nsa/file_contexts/program/postgresql.fc 2004-10-21 12:56:53.000000000 +0300
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/postgresql/postgresql.fc 2004-10-28 11:48:44.000000000 +0300
@@ -12,7 +12,7 @@
 /usr/bin/pg_id -- system_u:object_r:postgresql_exec_t
 /usr/bin/pg_restore -- system_u:object_r:postgresql_exec_t
-/var/lib/postgres(/.*)? system_u:object_r:postgresql_db_t
+/var/lib/postgres(ql)?(/.*)? system_u:object_r:postgresql_db_t
 /var/lib/pgsql(/.*)? system_u:object_r:postgresql_db_t
 /var/run/postgresql(/.*)? system_u:object_r:postgresql_var_run_t
 /etc/postgresql(/.*)? system_u:object_r:postgresql_etc_t
--- /root/public_html/policy/nsa/domains/program/unused/postgresql.te 2004-10-12 12:32:18.000000000 +0300
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/postgresql/postgresql.te 2004-10-28 11:48:12.000000000 +0300
@@ -108,3 +108,11 @@
 dontaudit postgresql_t selinux_config_t:dir { search };
 allow postgresql_t mail_spool_t:dir { search };
 rw_dir_create_file(postgresql_t, var_lock_t)
+
+ifdef(`distro_gentoo', `
+# "su - postgres ..." is called from initrc_t
+allow initrc_su_t postgresql_db_t:dir { search };
+allow postgresql_t initrc_su_t:process { sigchld };
+dontaudit initrc_su_t sysadm_devpts_t:chr_file rw_file_perms;
+')
+
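Review bot: The widened entry `/var/lib/postgres(ql)?(/.*)?` in postgresql.fc only changes what a relabel will assign. A data directory that already exists under /var/lib/postgresql keeps its current type until the tree is relabelled, and postgresql_t is likely to be denied on it until then. Unlike the postgresql.te hunk, this entry carries no hint of which layout it serves, so I would add a comment above it such as `# /var/lib/postgresql: presumably the Gentoo data directory; relabel existing trees after loading this policy`. The file continues outside the hunk on both sides.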
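Review bot: In postgresql.te the rule `dontaudit initrc_su_t sysadm_devpts_t:chr_file rw_file_perms;` is undocumented, and it silences every read/write denial from initrc_su_t on administrator ptys, not only the one produced when the init script is started by hand. The existing comment explains only the `search` rule, so I would add `# su inherits the admin's pty when the init script is run from a sysadm terminal; access stays denied, only the AVC message is suppressed` above the dontaudit. The sigchld rule could get `# postgres started by su signals its su parent on exit`, if that is the intent. initrc_su_t is not declared in the visible lines, so it is worth confirming that the block still compiles when the su policy is not part of the build.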