Re: PostgreSQL PITR & SELinux


On 09/19/2012 04:19 PM, Dominick Grift wrote:
> 
> 
> On Wed, 2012-09-19 at 14:10 -0600, Dmitry Makovey wrote:
>> On September 19, 2012 15:53:10 Daniel J Walsh wrote:
>>> Sure although I had no idea what PITR was until I asked google.
>> 
>> if I may suggest in tune with some other tunables (no pun intended)
>> 
>> postgres_can_rsync ?
>> 
>> PITR, while implemented in most cases just about the same as I outlined
>> is more of a concept and could be implemented using alternative
>> strategies (say, no SSH involved and dumping directly to NFS share), thus
>> mentioning specific ability "rsync" may be more descriptive.
>> 
>> Just my .02CDN on the subject...
> 
> Thanks, good point
> 
> -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx 
> https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
Sadly it looks like we already have a boolean for this in Fedora for sepostgresql.

optional_policy(`
	tunable_policy(`sepgsql_enable_pitr_implementation',`
		corenet_tcp_connect_ssh_port(postgresql_t)
		rsync_exec(postgresql_t)
		ssh_read_user_home_files(postgresql_t)
		ssh_exec(postgresql_t)
	')
')

Since this has nothing specific to do with sepgsql, we can change the name of
the boolean.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux


