[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: staff_t unable to connect SE-PostgreSQL

From: Daniel J Walsh <dwalsh redhat com>
To: KaiGai Kohei <kaigai ak jp nec com>, fedora-selinux-list redhat com
Cc:
Subject: Re: staff_t unable to connect SE-PostgreSQL
Date: Mon, 01 Jun 2009 08:43:31 -0400

On 06/01/2009 02:03 AM, KaiGai Kohei wrote:
> Dan,
> 
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_userdomain.patch
> 
> It seems to me that the patch removes postgresql_role() from the
> userdom_unpriv_user_template(), but it can prevent staff_t to access
> SE-PostgreSQL.
> 
> Could you fix it please?
Ok I added


optional_policy(`
	postgresql_role(staff_r, staff_t)
')

to staff.te,  I do not want all users to be able to manage postgresql.
So this should be user type by user type decision.

Follow-Ups:
- Re: staff_t unable to connect SE-PostgreSQL
  - From: KaiGai Kohei

References:
- staff_t unable to connect SE-PostgreSQL
  - From: KaiGai Kohei

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]