* Igor Borisovsky <igor@xxxxxxxxxxxx> [2004-06-11 15:53]:
> root operates as server administrator. Now selinux policy configuration
> forbids root access to the postgresql data files.
> Postgresql database contains secure data. Therefore root must not be able to
> access this information.
> Instead, there is a database administrator. This person is authorized to do
> all database related operations.
> So I need to prevent executing 'su postgres' for root.

You should note that every uid==0 process can change its uid to
anything else; SELinux doesn't restrict this at all. You can test this
as root and user_r with the following perl command:

  $ perl -MPOSIX -e 'POSIX::setuid(1000);system("id");'

So you should probably define a new role (say dataop_r) which gets
access to the database and make sure that root is not authorized for
it.

I still don't think that it is possible to prevent sysadm_r from
accessing the database (think about replacing binaries, changing the
policy, raw disk access, ...) but others have already said that.

Thomas

-- 
http://www.cip.ifi.lmu.de/~bleher/selinux/ - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA D09E C562 2BAE B2F4 ABE7