PostgreSQL/SELinux Error - relation "pg_catalog.pg_u ser" does not exist

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, 2005-05-24 at 08:08, Micha Silver wrote:
> > 
> > The best thing to do is add this to /etc/selinux/config
> > 
> > SELINUX=disabled
> > 
> > And then get on with the real jobs....
> > 
> 
> Listening to all the pros and cons of SELinux. 
> I'd like to improve the security of our regional web server using SELinux.
> We have a main regional web site and several virtual domains, kept  up by
> private users, all on the same server. Some of the private users want to run
> php and database apps on their websites. Up till now I steered away from
> allowing users to run anything on their sites, since a breakin to any
> private virtual domain would endanger the whole http process, including the
> main regional site. I'm preparing to switch over to a new (CentOS 4)
> machine, and I thought to set up a different SELinux context for each
> virtual domain, so that a vulnerability in someones private web site would
> be isolated and not be able to crash the other domains.
> Is this achievable *without* SELinux??

The simple-minded way has always been to run a separate http
instance bound to a different port or IP address, running
as a different user.  If you only have one IP address and
need to appear to be on port 80, you can arrange this with
a virtualhost on the main server that uses proxypass or
a rewriterule that results in a proxy connection to the
server running under the other uid.

--- 
  Les Mikesell
   lesmikesell@xxxxxxxxx



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux