I am testing the implementation of SELinux in our application.
I am using RHEL 6.2 with SELinux enforcing in targeted mode.
All the application/PostgreSQL data is on the NFS mount, with all the contents labeled as nfs_t.
I have given httpd boolean access to NFS.
When I start postgres, it starts in the unconfined_t domain:
ps -eZ | egrep 'httpd|java|postmaster'
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5853 ? 00:00:01 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5854 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5860 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5861 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5862 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 5863 ? 00:00:00 postmaster
unconfined_u:system_r:httpd_t:s0 14794 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 14796 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 14797 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 14798 ? 00:00:18 httpd
unconfined_u:system_r:httpd_t:s0 14799 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 14800 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 14801 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 14802 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 14803 ? 00:00:00 httpd
unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 14851 ? 00:00:06 java
unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 14978 ? 00:02:57 java
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16426 ? 00:00:01 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16521 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16522 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16523 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16524 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16525 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16526 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16527 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16528 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16529 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16530 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16633 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 16634 ? 00:00:00 postmaster
unconfined_u:system_r:httpd_t:s0 16702 ? 00:00:00 httpd
unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 17129 ? 00:00:06 java
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17201 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17205 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17206 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17207 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17208 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17209 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17216 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17217 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17218 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17219 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17220 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 17221 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 17260 pts/1 00:00:05 java
unconfined_u:system_r:httpd_t:s0 20918 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 20921 ? 00:00:00 httpd
unconfined_u:system_r:httpd_t:s0 20922 ? 00:00:00 httpd
unconfined_u:unconfined_r:unconfined_java_t:s0-s0:c0.c1023 22851 ? 00:00:13 java
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 22910 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 22911 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 22912 ? 00:00:00 postmaster
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 22913 ? 00:00:00 postmaster
Please advise if this is fine or whether I should change it.
Ramkumar Raghavan
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux