-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 09/14/2010 03:44 PM, Christopher J. PeBenito wrote:
On 09/14/10 11:53, Daniel J Walsh wrote:
> On 09/14/2010 05:55 AM, Roberto Sassu wrote:
>> Thanks for answers. I'm trying to find a set of types executable by
>> regular users which are managed by few and high privileged domains.
>> Unfortunately, regarding 'etc_t', there's a non administrative
>> domain, 'postgresql_t', which is allowed to create it.
> That seems wrong, I have no idea why postgresql would be able to manage
> etc files. Chris do you have any idea? (Hopefully this did not come
> from me. ) BTW there is no way for user_t to execute something as
> postgresql_t
Based on the git log, this line has been around upstream since 2005,
when the postgresql module was converted over from the old NSA example
policy. I don't know why it would need that access. My preference is
to remove it, and if it causes problems, hopefully it can be fixed in
some other way.
Agreed I am removing from Fedora now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora -
http://enigmail.mozdev.org/
iEYEARECAAYFAkyP1MYACgkQrlYvE4MpobNKawCfXML+mXZk/xJtuRGaqphiPBiO
PtgAoKb1b5mpR46EW6xlDnDMla/tGlOJ
=Uujz
-----END PGP SIGNATURE-----