Needs to prevent executing su.

Thomas Bleher bleher at
Fri Jun 11 14:31:52 UTC 2004

* Igor Borisovsky <igor at> [2004-06-11 15:53]:
> root operates as server administrator. Now selinux policy configuration
> forbids root access to the postgresql data files.
> Postgresql database contains secure data. Therefore root must not be able to
> access to this information.
> Instead of there is database administrator. This person is authorized to do
> all database related operations.
> So I need to prevent executing 'su postgres' for root.

You should note that every uid==0 process can change its uid to anything
else, SELinux doesn't restrict this at all.
You can test this as root and user_r with the following perl command:
$ perl -MPOSIX -e 'POSIX::setuid(1000);system("id");'

So you should probably define a new role (say dataop_r) which gets
access to the database and make sure that root is not authorized for it.

I still don't think that it is possible to prevent sysadm_r from
accessing the database (think about replacing binaries, changing the
policy, raw disk access, ...) but others have already said that.


-- - my SELinux pages
GPG-Fingerprint: BC4F BB16 30D6 F253 E3EA  D09E C562 2BAE B2F4 ABE7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : 

More information about the selinux mailing list