On Wed, 26 May 2004 14:17:40 +1000, Russell Coker said:
How should we determine who gets mysql client access? Should we have a
tunable determining whether we allow userdomain?
That might be a good solution..
Why have mysql_cmd_t instead of just allowing user_t directly? What is the
benefit in having a domain for client access?
Thinko on my part - I invented the cmd_t because I'd been fighting various
issues for about 14 hours at that point, and didn't parse through mysqld.te,
apache.te, and mysqld.fc sufficiently to realize that the var_run_t was
identical in semantics (somehow, I was convinced that var_run_t included
something I didn't want in cmd_t, but that was wrong).
How do people feel about the attached patch to add a tunable?