[refpolicy] [PATCH] revise roles/dbadm.te (Re: dbadm.pp is not available in selinux-policy package)

Daniel J Walsh dwalsh at redhat.com
Tue Apr 13 15:15:12 UTC 2010


On 04/13/2010 09:17 AM, Christopher J. PeBenito wrote:
> On Tue, 2010-04-13 at 09:28 +0900, KaiGai Kohei wrote:
>> (2010/04/12 23:09), Christopher J. PeBenito wrote:
>>> On Fri, 2010-04-09 at 14:29 +0900, KaiGai Kohei wrote:
>>>> (2010/04/08 21:15), Daniel J Walsh wrote:
>>>>> As Dominick stated.  I prefer to think in terms of two different roles.
>>>>>    Login Roles, and Roles to execute in when you have privileges (IE Root).
>>>>>
>>>>> Login Roles/Types
>>>>> staff_t, user_t, unconfined_t, xguest_t, guest_t
>>>>>
>>>>> Three interfaces can be used to create confined login users.
>>>>>
>>>>> userdom_restricted_user_template(guest)
>>>>> userdom_restricted_xwindows_user_template(xguest)
>>>>> userdom_unpriv_user_template(staff)
>>>>>
>>>>>
>>>>> Admin Roles/Types
>>>>> logadm_t, webadm_t, secadm_t, auditadm_t
>>>>>
>>>>> The following interface can be used to create an Admin Role
>>>>> userdom_base_user_template(logadm)
>>>>>
>>>>>
>>>>> sysadm_t is sort of a hybrid, most people use it as an Admin Role.
>>>>>
>>>>>
>>>>> I imagine that you login as a confined user and then use sudo/newrole to
>>>>> switch roles to one of the admin roles.
>>>>
>>>> The attached patch revises roles/dbadm.te (to be applied on the upstream
>>>> reference policy). It uses userdom_base_user_template() instead of the
>>>> userdom_unpriv_user_template(), and should be launched via sudo/newrole.
>>>> In the default, it intends the dbadm_r role to be launched by staff_r role.
>>>
>>> Why does dbadm need to run setfiles?
>>
>> The database files (typically, /var/lib/(se)?pgsql/*) have to be labeled
>> correctly, so I thought dbadm needs to run setfiles.
>> However, as long as they initialize database files using init script,
>> initrc_t domain performs this initial labeling, so it might not be necessary.
>>
>> On the other hand, PostgreSQL supports a feature to use multiple disks
>> within a single database instance for performance utilization.
>> (Called TABLESPACE; I don't know whether MySQL has such a feature.)
>>
>> http://archives.postgresql.org/pgsql-general/2006-08/msg00142.php
>>
>> It requires administrators to assign proper security context on the secondary
>> directory, or to mount the secondary disk with context='...' option.
>>
>> Is there any good idea?
>>
>> Or, it should not be a task for dbadm?
> 
> Ok, the transition for setfiles is fine.
> 

I would be careful with this, since setfiles can take a parameter of a
file context file.  I think it would be better to only give
relabelfrom/relabelto privs for all labels dbadm_t can manage.  Then
figure out what access is required to mount.

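Added example, not part of the original message or of the patch under review: a policy fragment contrasting the setfiles transition with the narrower relabelfrom/relabelto grant suggested above. The module name and the choice of postgresql_db_t and mysqld_db_t as the labels dbadm_t manages are assumptions; the thread does not list the types.

```selinux
policy_module(dbadm_relabel_example, 1.0.0)

gen_require(`
	type dbadm_t;
	# Assumed set of labels dbadm_t manages (not listed in the thread).
	type postgresql_db_t, mysqld_db_t;
')

########################################
# Option A: transition to setfiles_t (the approach being questioned).
#
# setfiles accepts an arbitrary file context specification file as a
# parameter, so whoever can run it in setfiles_t chooses which labels get
# applied to which paths. The effective relabel scope is that of
# setfiles_t, not of dbadm_t.
#
# seutil_domtrans_setfiles(dbadm_t)

########################################
# Option B: relabel only between the labels dbadm_t manages.
#
# relabelfrom is checked against the object's current type and relabelto
# against the new type. Both are limited to the database content types,
# so dbadm_t (for example via chcon) can move objects between these
# labels and nothing else.
allow dbadm_t { postgresql_db_t mysqld_db_t }:dir { getattr search relabelfrom relabelto };
allow dbadm_t { postgresql_db_t mysqld_db_t }:{ file lnk_file } { getattr relabelfrom relabelto };

# Consequence for the TABLESPACE case raised in the thread: a directory on
# a newly added disk that still carries some other type cannot be
# relabeled by dbadm_t under Option B, because relabelfrom is not granted
# on that type. Labeling such a disk at mount time (the context= mount
# option) is the remaining path, and the access needed for that has to be
# worked out separately.
```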

