On Sun, 13 Jun 2004 18:43, "Igor Borisovsky" <igor@xxxxxxxxxxxx> wrote: > I commented using su_domain() in the admin_domain() macro. > So root(in sysadm_t) can't execute su command at all. > But it will be better if root can't execute su command only for one certain > user. This gains you nothing. The "root" user as sysadm_t can directly access all the postgres files unless you make some other significant changes to the policy. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
