Needs to prevent executing su.
igor at datanaut.com
igor at datanaut.com
Sun Jun 13 13:26:34 UTC 2004
Thanks for reply.
Now root can't access to the postgresql data files.
I'd tweaked selinux policy for that.
I just need to prevent executing 'su postgres' command by root.
> On Sun, 13 Jun 2004 18:43, "Igor Borisovsky" <igor at datanaut.com> wrote:
>> I commented using su_domain() in the admin_domain() macro.
>> So root(in sysadm_t) can't execute su command at all.
>> But it will be better if root can't execute su command only for one certain
>> user.
>
> This gains you nothing. The "root" user as sysadm_t can directly access all
> the postgres files unless you make some other significant changes to the
> policy.
>
> --
> http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list