>If you tweaked the policy such that sysadm_t can't access the files, >and if the postgres user does not have a SE Linux identity then su to >the postgres user will not grant access to the files. Let me explain in more details my problem. What I did: 1. prevented root access to the postgresql data files located at /var/lib/pgsql; 2. created custom pgsql_t type and pgsql_r role; 3. created selinux user postgres: user postgres roles pgsql_r; 4. all postgresql directories and files has a proper types(e.g. pgsql_home_dir_t, pgsql_home_t). Therefore I have two persons: root and postgres. User root is the server administrator, but he can't access to the postgresql data files. And user postgres is the database administrator. He will do all database related operations(e.g. database backup). Hence postgres has access to the postgresql data files. So for security reason i need to prevent transition from user root to user postgres.
