On September 19, 2012 16:22:12 Daniel J Walsh wrote:
Sadly it looks like we already have a boolean for this in Fedora fro
sepostgresql.
optional_policy(`
tunable_policy(`sepgsql_enable_pitr_implementation',`
corenet_tcp_connect_ssh_port(postgresql_t)
rsync_exec(postgresql_t)
ssh_read_user_home_files(postgresql_t)
ssh_exec(postgresql_t)
')
')
Since this has nothing specific to do with sepgsql, we can change the name
of the boolean.
Daniel, you saved my day - I thought that something like that should exist but
I completely ommited sepgsql* set as I was under impression that it applied to
a completely different functionality. I'll use that instead of my module.
Thank you very much.
For what it's worth I'd like to second the name change as existing one put me
off-track, like many other people (just look up "postgres selinux rsync").
--
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
Woody Allen
When in trouble when in doubt run in circles scream and shout
http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330
--
This communication is intended for the use of the recipient to whom it
is addressed, and may contain confidential, personal, and or privileged
information. Please contact us immediately if you are not the intended
recipient of this communication, and do not copy, distribute, or take
action relying on it. Any communications received in error, or
subsequent reply, should be deleted or destroyed.
---