PostgreSQL/SELinux Error - relation "pg_catalog.pg_u ser" does not exist

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



> 
> 
> On Tue, 2005-05-24 at 08:08, Micha Silver wrote:
> > > 
> > > The best thing to do is add this to /etc/selinux/config
> > > 
> > > SELINUX=disabled
> > > 
> > > And then get on with the real jobs....
> > > 
> > 
> > Listening to all the pros and cons of SELinux.
> > I'd like to improve the security of our regional web server 
> using SELinux.
> > We have a main regional web site and several virtual 
> domains, kept  up by
> > private users, all on the same server. Some of the private 
> users want to run
> > php and database apps on their websites. Up till now I 
> steered away from
> > allowing users to run anything on their sites, since a 
> breakin to any
> > private virtual domain would endanger the whole http 
> process, including the
> > main regional site. I'm preparing to switch over to a new (CentOS 4)
> > machine, and I thought to set up a different SELinux 
> context for each
> > virtual domain, so that a vulnerability in someones private 
> web site would
> > be isolated and not be able to crash the other domains.
> > Is this achievable *without* SELinux??
> 
> The simple-minded way has always been to run a separate http 
> instance bound to a different port or IP address, running as 
> a different user.  If you only have one IP address and need 
> to appear to be on port 80, you can arrange this with a 
> virtualhost on the main server that uses proxypass or a 
> rewriterule that results in a proxy connection to the server 
> running under the other uid.
> 

Thanks Les,
With several virtual domains, setting each up on a separate port with
rewrite rules, and running several httpd processes under different UIDs
would quickly become not so "simple-minded"

Regards,
Micha
> --- 
>   Les Mikesell
>    lesmikesell@xxxxxxxxx
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
> 

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux