
Re: Postgres directory context



James Young wrote:
Does selinux check context on the whole directory hierarchy when making a
decision about permission to enter a directory? That is, when I try to
access /home/Data/pgsql, will it check the context on /home, then
/home/Data, and then on /home/Data/pgsql? Or will it only check the context
on /home/Data/pgsql?

I want to put a Postgres database in a /home/Data/pgsql/data directory, but
the initrc script will not run it there. I can run it as the postgres user.
The contexts mirror the /var/lib/pgsql/data directory:
user_u:object_r:postgres_db_t. The context of /home/Data/pgsql is
system_u:object_r:var_lib_t.

The whole hierarchy must be readable. Putting server data under /home always causes problems. I'd suggest bind mounting /home/Data/pgsql to /var/lib/pgsql or something similar.

You could change the context type of /home/Data to var_t but you'd probably still have issues with /home itself.

Does Fedora use the reference policy from Tresys exactly? If not, where can
I find the source policy for Fedora? All I can find are the .if files.

The selinux-policy SRPM.

Finally, are there any better references for SELinux? Everything I've read
seems dated.

http://fedoraproject.org/wiki/SELinux is a decent starting point.

Paul.
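To make Paul's two points concrete, here is an added shell example (not from the thread or from Fedora): it lists every directory SELinux must grant search on to reach the data directory, prints each one's label, and performs the suggested bind mount of /home/Data/pgsql onto /var/lib/pgsql. It assumes Fedora-style tooling (ls -Z, mount, restorecon) and uses the paths from the thread as defaults.

```shell
#!/bin/sh
# Added example, not from the original thread. SELinux needs dir:search on
# every ancestor of a path, so each one is worth inspecting; a bind mount lets
# the data live under /home while the daemon reaches it through /var/lib/pgsql,
# whose ancestors already carry labels the postgres domain may traverse.

# List every directory SELinux must grant 'search' on to reach $1,
# outermost first: /home, /home/Data, /home/Data/pgsql, ...
ancestors() {
    _cur=""
    _oldifs=$IFS
    IFS=/
    for _comp in $1; do
        [ -n "$_comp" ] || continue
        _cur="$_cur/$_comp"
        printf '%s\n' "$_cur"
    done
    IFS=$_oldifs
}

# Print the label of each ancestor; an ancestor whose type the postgres domain
# cannot search is where an AVC denial for 'search' on a dir will point.
label_hierarchy() {
    ancestors "$1" | while IFS= read -r _dir; do
        ls -Zd "$_dir" 2>/dev/null || printf '%s: (could not read label)\n' "$_dir"
    done
}

# Paul's fix: mount the real data directory over the path the policy expects.
# Arguments default to the thread's paths; the mount itself needs root.
bind_mount_fix() {
    src=${1:-/home/Data/pgsql}
    mnt=${2:-/var/lib/pgsql}
    printf '# persistent form for /etc/fstab:\n%s  %s  none  bind  0 0\n' "$src" "$mnt"
    if [ "$(id -u)" -eq 0 ] && [ -d "$src" ]; then
        mkdir -p "$mnt"
        mount --bind "$src" "$mnt"
        # Inodes keep their labels across a bind mount; restorecon applies the
        # file_contexts entries for /var/lib/pgsql to the files now visible there.
        restorecon -R "$mnt"
    else
        printf '# (not root or %s missing: mount --bind and restorecon skipped)\n' "$src"
    fi
}

if [ $# -gt 0 ]; then
    label_hierarchy "$1"
fi
```

Run it as `sh hierarchy.sh /home/Data/pgsql/data` to see the labels on each ancestor, then call `bind_mount_fix` as root once you have decided to relocate the mount point.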

