PostgreSQL PITR & SELinux

Wed Sep 19 21:20:17 UTC 2012

On September 19, 2012 16:22:12 Daniel J Walsh wrote:
> Sadly it looks like we already have a boolean for this in Fedora fro
> sepostgresql.
> 
> optional_policy(`
> 	tunable_policy(`sepgsql_enable_pitr_implementation',`
> 		corenet_tcp_connect_ssh_port(postgresql_t)
> 		rsync_exec(postgresql_t)
> 		ssh_read_user_home_files(postgresql_t)
> 		ssh_exec(postgresql_t)
> 	')
> ')
> 
> Since this has nothing specific to do with sepgsql, we can change the name
> of the boolean.

Daniel, you saved my day - I thought that something like that should exist but 
I completely ommited sepgsql* set as I was under impression that it applied to 
a completely different functionality. I'll use that instead of my module. 
Thank you very much.

For what it's worth I'd like to second the name change as existing one put me 
off-track, like many other people (just look up "postgres selinux rsync"). 

-- 
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
    Woody Allen

When in trouble when in doubt run in circles scream and shout 
     http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330

-- 
    This communication is intended for the use of the recipient to whom it
    is addressed, and may contain confidential, personal, and or privileged
    information. Please contact us immediately if you are not the intended
    recipient of this communication, and do not copy, distribute, or take
    action relying on it. Any communications received in error, or
    subsequent reply, should be deleted or destroyed.
---