Postgres directory context

Paul Howarth paul at city-fan.org
Fri Jan 12 12:39:52 UTC 2007


James Young wrote:
> Does selinux check context on the whole directory hierarchy when making a
> decision about permission to enter a directory? That is, when I try to
> access /home/Data/pgsql, will it check the context on /home, then
> /home/Data, and then on /home/Data/pgsql? Or will it only check the context
> on /home/Data/pgsql?
> 
> I want to put a Postgres database in a /home/Data/pgsql/data directory, but
> the initrc script will not run it there. I can run it as the postgres user.
> The contexts mirror the /var/lib/pgsql/data directory:
> user_u:object_r:postgres_db_t. The context of /home/Data/pgsql is
> system_u:object_r:var_lib_t.

The whole hierarchy must be readable. Putting server data under /home 
always causes problems. I'd suggest bind mounting /home/Data/pgsql to 
/var/lib/pgsql or something similar.

You could change the context type of /home/Data to var_t but you'd 
probably still have issues with /home itself.

> Does Fedora use the reference policy from Tresys exactly? If not, where can
> I find the source policy for Fedora? All I can find are the if files.

The selinux-policy SRPM.

> Finally, are there any better references for selinux? Everything I've read
> seems dated.

http://fedoraproject.org/wiki/SELinux is a decent starting point.

Paul.
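The point in the reply above is that a domain needs to be able to search every ancestor directory on the way to the data, not just the leaf, so the context of /home and /home/Data matters as much as that of /home/Data/pgsql. The script below is an added example, not part of the original post or of Fedora's policy: it splits a path into its ancestors and prints the on-disk SELinux label of each one with `ls -dZ`, so a mislabelled directory higher up the tree is visible at a glance. The default target path is the one from the question; the `ancestors` and `show_hierarchy_contexts` function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original mailing-list post): walk a path from /
# down to the target and show the SELinux context stored on each directory,
# since a confined process must have search permission on every ancestor.

# Print each ancestor of an absolute path, from / down to the path itself,
# one per line. Pure string manipulation, so it runs on any POSIX shell
# (SELinux is only needed for the label lookup below).
ancestors() {
    path=$1
    printf '/\n'
    acc=''
    rest=${path#/}                 # drop the leading slash
    while [ -n "$rest" ]; do
        comp=${rest%%/*}           # first remaining component
        if [ "$comp" = "$rest" ]; then
            rest=''
        else
            rest=${rest#*/}
        fi
        [ -z "$comp" ] && continue # skip empty components from '//' or a trailing '/'
        acc="$acc/$comp"
        printf '%s\n' "$acc"
    done
}

# For each ancestor, print the label ls -dZ reports for it. Directories that
# do not exist, or systems where ls cannot report a label, are called out
# rather than silently skipped.
show_hierarchy_contexts() {
    ancestors "$1" | while IFS= read -r d; do
        if [ -e "$d" ]; then
            ls -dZ -- "$d" 2>/dev/null || printf '%s (context unavailable)\n' "$d"
        else
            printf '%s (does not exist)\n' "$d"
        fi
    done
}

# Default to the directory from the question; pass another path as $1.
show_hierarchy_contexts "${1:-/home/Data/pgsql/data}"
```

Run it as `sh check-hierarchy.sh /home/Data/pgsql/data` and compare each line against the same walk over /var/lib/pgsql/data; the first ancestor whose type differs between the two (here /home with its home_root_t-style label versus var_t under /var) is where the denial originates. The bind-mount workaround from the reply (`mount --bind /home/Data/pgsql /var/lib/pgsql`, or the equivalent fstab entry) sidesteps this because the path the daemon traverses is then entirely under /var.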
