PostgreSQL PITR & SELinux
Dominick Grift
dominick.grift at gmail.com
Wed Sep 19 20:07:13 UTC 2012
On Wed, 2012-09-19 at 16:01 -0400, Daniel J Walsh wrote:
> On 09/19/2012 03:20 PM, Dominick Grift wrote:
> >
> >
> > On Wed, 2012-09-19 at 15:07 -0400, Daniel J Walsh wrote:
> >>
> >> ## <desc> ## <p> +## Allow postgresql to use ssh and rsync to
> >> replicate databases +## </p> +## </desc>
> >> +gen_tunable(postgesql_replication, false)
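Review bot: the tunable name in the gen_tunable line is misspelled: "postgesql_replication" is missing the "r" of "postgresql". Rename it to postgresql_replication, since the boolean name is what administrators type and what any conditional policy referring to it has to match exactly.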
> >
> > typo in there
> >
> > We should probably implement an ssh_tcp_connect if it doesn't exist already
> > and use that (that goes for all service ports)
> >
> > ########################################
> > ## <summary>
> > ## Connect to ssh over the TCP network.
> > ## </summary>
> > ## <param name="domain">
> > ## <summary>
> > ## Domain allowed access.
> > ## </summary>
> > ## </param>
> > #
> > interface(`ssh_tcp_connect',`
> > 	gen_require(`
> > 		type sshd_t;
> > 	')
> >
> > 	corenet_tcp_recvfrom_labeled($1, sshd_t)
> > 	corenet_tcp_sendrecv_ssh_port($1)
> > 	corenet_tcp_connect_ssh_port($1)
> > 	corenet_sendrecv_ssh_client_packets($1)
> > ')
> >
> >
> >
> >
> Looks like Chris did not like a previous interface by that name.
> ########################################
> ## <summary>
> ## Connect to SSH daemons over TCP sockets. (Deprecated)
> ## </summary>
> ## <param name="domain">
> ## <summary>
> ## Domain allowed access.
> ## </summary>
> ## </param>
> #
> interface(`ssh_tcp_connect',`
> refpolicywarn(`$0($*) has been deprecated.')
> ')
>
I noticed that and I don't know why. It's also inconsistent because mysql
and postgres have it, but some have it deprecated, like I guess ssh and
snmp.

I actually like this interface; it provides support for labeled
networking.