<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2800.1400" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2><SPAN
class=140032515-03062004>Hi.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>I have a question
about SELinux policy configuration for FC2.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>I need
to forbid access to the postgresql data files from user
root.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>I guess I have to
create a certain type for postgresql. Let's name this type
pgsql.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>Thus I have
something like this:</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>[root@selinux
pgsql]# pwd<BR>/var/lib/pgsql<BR></SPAN></FONT><FONT face=Arial size=2><SPAN
class=140032515-03062004>[root@selinux pgsql]# ls -aZ<BR>drwx------+ postgres
postgres <FONT color=#ff0000>postgres:object_r:pgsql_home_dir_t
.<BR></FONT>drwxr-xr-x root
root
system_u:object_r:var_lib_t ..<BR>drwx------
postgres postgres postgres:object_r:pgsql_home_dir_t backups<BR>-rw-------
postgres postgres postgres:object_r:pgsql_home_t
.bash_history<BR>-rw-r--r-- postgres postgres
postgres:object_r:pgsql_home_t .bash_profile<BR>drwx------
postgres postgres <FONT color=#ff0000>postgres:object_r:pgsql_home_dir_t
data<BR></FONT>-rw-r--r-- postgres postgres
postgres:object_r:pgsql_home_t initdb.i18n<BR>drwxr-xr-x+ postgres
postgres postgres:object_r:pgsql_home_t .mc<BR>[root@selinux
pgsql]#</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>So far, user root
within the sysadm_r role has access to the postgresql data
files.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>I guess I need to
find and revoke this permission from the sysadm_r role.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>After looking at the
policy.conf file I can't understand this.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=140032515-03062004>So how can I prevent
access to postgresql data files from user root?</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=140032515-03062004>Thanks.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=140032515-03062004></SPAN></FONT> </DIV></FONT></DIV></BODY></HTML>