>> type_transition postgresql_t postgresql_t:db_database sepgsql_db_t;
>>
>> What object is being transitioned on? Other type transitions are
>> clearer: a file being created in a directory or a message enqueued to a
>> message queue. I won't block merging the policy over this, but I think
>> the postgresql_contexts is the better method.
>
> This type transition rule means a new database is created on a database
> management system. A database management system can maintain several
> databases at the same time, like several files are placed under a directory.
> The only difference between a directory and a database management system
> is whether it is a process, or not. So, I don't think it is an unnatural
> method to decide the correct context of a newly created database.

Properly speaking, I oppose dropping the type_transition rule for a newly
created database object; I don't oppose the postgresql_contexts file.
I noticed they are not exclusive options after careful consideration.

The biggest concern with dropping type_transition is that we cannot decide
what security context should be attached to a new database when the
postgresql_contexts file is lost, if we depend completely on this file.
We can help the situation if we can decide it with the type_transition rule
when the file or the proper entries are not found.

If you feel it is strange to use the context of the server process as the
target of the type_transition, using the root directory of the database
cluster is an alternative idea. (It is '/var/lib/sepgsql/data' by default.)
All database files are placed under that directory, like files placed under
a directory.

Thanks,
--
KaiGai Kohei <kaigai@xxxxxxxxxxxx>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
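The fallback argued for in the message above, as an added example that is not part of the thread or of the sepgsql code: a small Python resolver that consults a postgresql_contexts file first and falls back to the type_transition rule when the file is missing or has no matching entry. The contexts file layout assumed here (object class, name pattern, security context; first match wins) follows libselinux's database label backend, and the sample entries and the `TYPE_TRANSITIONS` table are constructed for this example.

```python
import fnmatch

# Constructed sample of a postgresql_contexts file (assumed layout:
# "<object class> <name pattern> <security context>", first match wins).
CONTEXTS_FILE = """\
# object class   name pattern     security context
db_database      *                system_u:object_r:sepgsql_db_t:s0
db_schema        *.*              system_u:object_r:sepgsql_schema_t:s0
db_table         *.pg_catalog.*   system_u:object_r:sepgsql_sysobj_t:s0
db_table         *.*.*            system_u:object_r:sepgsql_table_t:s0
"""

# Hypothetical table standing in for the policy's type_transition rules:
# (source type, target type, object class) -> default type of the new object.
# The entry below mirrors the rule quoted in the thread, where the target is
# the server process itself (postgresql_t).
TYPE_TRANSITIONS = {
    ("postgresql_t", "postgresql_t", "db_database"): "sepgsql_db_t",
}


def parse_contexts(text):
    """Return ordered (class, pattern, context) triples, skipping comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"malformed entry: {line!r}")
        rules.append(tuple(parts))
    return rules


def lookup_contexts(rules, obj_class, name):
    """First entry whose class matches and whose pattern matches the name."""
    for cls, pattern, ctx in rules:
        if cls == obj_class and fnmatch.fnmatchcase(name, pattern):
            return ctx
    return None


def context_for_new_object(obj_class, name, creator_ctx,
                           contexts_text=None, target_type=None):
    """Contexts file first; type_transition fallback when it cannot answer."""
    if contexts_text is not None:
        ctx = lookup_contexts(parse_contexts(contexts_text), obj_class, name)
        if ctx is not None:
            return ctx
    user, _role, src_type, *mls = creator_ctx.split(":")
    # Target defaults to the creating process; pass the data directory's
    # type instead to model the alternative suggested in the message.
    new_type = TYPE_TRANSITIONS.get((src_type, target_type or src_type, obj_class))
    if new_type is None:
        return None
    return ":".join([user, "object_r", new_type, *mls])
```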