Access to the postgresql data files

Hi.
I have a question about SELinux policy configuration for FC2.
I need to forbid access to the postgresql data files from user root.
I guess I have to create a certain type for postgresql. Let's name this type pgsql.
Thus I have something like this:
[root@selinux pgsql]# pwd
/var/lib/pgsql
[root@selinux pgsql]# ls -aZ
drwx------+ postgres postgres postgres:object_r:pgsql_home_dir_t .
drwxr-xr-x  root     root     system_u:object_r:var_lib_t      ..
drwx------  postgres postgres postgres:object_r:pgsql_home_dir_t backups
-rw-------  postgres postgres postgres:object_r:pgsql_home_t   .bash_history
-rw-r--r--  postgres postgres postgres:object_r:pgsql_home_t   .bash_profile
drwx------  postgres postgres postgres:object_r:pgsql_home_dir_t data
-rw-r--r--  postgres postgres postgres:object_r:pgsql_home_t   initdb.i18n
drwxr-xr-x+ postgres postgres postgres:object_r:pgsql_home_t   .mc
[root@selinux pgsql]#
So far, user root within the sysadm_r role has access to the postgresql data files.
I guess I need to find and revoke this permission from the sysadm_r role.
After looking at the policy.conf file I can't understand this.
So how can I prevent access to the postgresql data files from user root?
Thanks.
 
