Needs to prevent executing su.
Russell Coker
russell at coker.com.au
Mon Jun 14 05:48:44 UTC 2004
On Sun, 13 Jun 2004 23:26, igor at datanaut.com wrote:
> Thanks for reply.
> Now root can't access to the postgresql data files.
> I'd tweaked selinux policy for that.
> I just need to prevent executing 'su postgres' command by root.
If you tweaked the policy such that sysadm_t can't access the files, and if
the postgres user does not have a SE Linux identity then su to the postgres
user will not grant access to the files.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list