staff_t unable to connect SE-PostgreSQL
Daniel J Walsh
dwalsh at redhat.com
Mon Jun 1 12:43:31 UTC 2009
On 06/01/2009 02:03 AM, KaiGai Kohei wrote:
> Dan,
>
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_userdomain.patch
>
> It seems to me that the patch removes postgresql_role() from the
> userdom_unpriv_user_template(), but it can prevent staff_t to access
> SE-PostgreSQL.
>
> Could you fix it please?
Ok I added
optional_policy(`
postgresql_role(staff_r, staff_t)
')
to staff.te, I do not want all users to be able to manage postgresql.
So this should be user type by user type decision.
More information about the fedora-selinux-list
mailing list