Access to the postgresql data files
Russell Coker
russell at coker.com.au
Mon Jun 7 12:18:33 UTC 2004
On Mon, 7 Jun 2004 18:59, "Igor Borisovsky" <igor at datanaut.com> wrote:
> I used macro full_user_role() for pgsql type.
> Then I corrected policy.conf file manually. So definitions for the new
> types looks like this:
> type pgsql_home_dir_t, file_type, home_dir_type, home_type,
> user_home_dir_type, user_home_type;
sysadm_t has the privhome attribute which gives it full access to the home
types through macros/user_macros.te .
Trying to edit this all by hand will be really painful, things aren't designed
to work in that way and they won't work well. Defining a new type is really
easy, requires no hand-modification of the generated policy.conf, and because
it's the expected operation it's not going to break anything.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list