James Young wrote:
> Does SELinux check context on the whole directory hierarchy when
> decision about permission to enter a directory? That is, when I try to
> access /home/Data/pgsql, will it check the context on /home, then
> /home/Data, and then on /home/Data/pgsql? Or will it only check the context
> I want to put a Postgres database in a /home/Data/pgsql/data directory, but
> the initrc script will not run it there. I can run it as the postgres user.
> The contexts mirror the /var/lib/pgsql/data directory:
> user_u:object_r:postgres_db_t. The context of /home/Data/pgsql is

The whole hierarchy must be readable. Putting server data under /home
always causes problems. I'd suggest bind mounting /home/Data/pgsql to
/var/lib/pgsql or something similar.

You could change the context type of /home/Data to var_t but you'd
probably still have issues with /home itself.

> Does Fedora use the reference policy from Tresys exactly? If not,
> I find the source policy for Fedora. All I can find are the if files.

The selinux-policy SRPM.

> Finally, are there any better references for SELinux? Everything

is a decent starting point.
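
The reply's point that the whole hierarchy must be readable can be checked by listing the context of every directory on the way to the data directory. The following is an added example, not part of the original thread; the function names are hypothetical, and it assumes GNU coreutils `stat`, whose `%C` format prints the SELinux context.

```shell
#!/bin/sh
# Added example: show the SELinux context of each directory that must be
# traversed to reach a target path, outermost first.

# Print "/" and then every ancestor of an absolute path, one per line.
path_ancestors() {
    path=$1
    case $path in
        /*) ;;
        *) echo "path_ancestors: need an absolute path" >&2; return 2 ;;
    esac
    prefix=
    echo /
    old_ifs=$IFS
    IFS=/          # split the path on "/" only
    set -f         # no glob expansion while splitting
    for part in $path; do
        [ -n "$part" ] || continue   # skip empty fields ("//", leading "/")
        prefix="$prefix/$part"
        echo "$prefix"
    done
    set +f
    IFS=$old_ifs
}

# Extract the type field from a context such as user:role:type[:level].
context_type() {
    echo "$1" | cut -d: -f3
}

# Print path, type and full context for every component of the path.
walk_contexts() {
    path_ancestors "$1" | while IFS= read -r dir; do
        ctx=$(stat -c %C -- "$dir" 2>/dev/null) || ctx="(unavailable)"
        printf '%-28s %-20s %s\n' "$dir" "$(context_type "$ctx")" "$ctx"
    done
}

# Usage: sh walk.sh /home/Data/pgsql/data
if [ "$#" -gt 0 ]; then
    walk_contexts "$1"
fi
```

Comparing the output for /home/Data/pgsql/data with that for /var/lib/pgsql/data shows which parent directory carries a different type from the working layout.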