Access to the postgresql data files
Igor Borisovsky
igor at datanaut.com
Thu Jun 3 15:43:42 UTC 2004
Hi.
I have a question about selinux policy configuration for FC2.
I need to forbid access to the postgresql data files from user root.
I guess I have to create a certain type for postgresql. Let's name this type
pgsql.
Thus I have something like this:
[root@selinux pgsql]# pwd
/var/lib/pgsql
[root@selinux pgsql]# ls -aZ
drwx------+ postgres postgres postgres:object_r:pgsql_home_dir_t .
drwxr-xr-x root root system_u:object_r:var_lib_t ..
drwx------ postgres postgres postgres:object_r:pgsql_home_dir_t backups
-rw------- postgres postgres postgres:object_r:pgsql_home_t .bash_history
-rw-r--r-- postgres postgres postgres:object_r:pgsql_home_t .bash_profile
drwx------ postgres postgres postgres:object_r:pgsql_home_dir_t data
-rw-r--r-- postgres postgres postgres:object_r:pgsql_home_t initdb.i18n
drwxr-xr-x+ postgres postgres postgres:object_r:pgsql_home_t .mc
[root@selinux pgsql]#
So far, user root within the sysadm_r role has access to the postgresql data
files.
I guess I need to find and revoke this permission from the sysadm_r role.
After looking at the policy.conf file I can't understand this.
So how can I prevent access to postgresql data files from user root?
Thanks.
More information about the fedora-selinux-list
mailing list