10.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with
postgresql. Different types allow you to configure flexible access:
postgresql_db_t- This type is used for several locations. The locations labeled with this type are used for data files for PostgreSQL:
/usr/lib/pgsql/test/regres/usr/share/jonas/pgsql/var/lib/pgsql/data/var/lib/postgres(ql)?
postgresql_etc_t- This type is used for configuration files in
/etc/postgresql/. postgresql_exec_t- This type is used for several locations. The locations labeled with this type are used for binaries for PostgreSQL:
/usr/bin/initdb(.sepgsql)?/usr/bin/(se)?postgres/usr/lib(64)?/postgresql/bin/.*/usr/lib/phsql/test/regress/pg_regress
postgresql_initrc_exec_t- This type is used for the PostgreSQL initialization file located at
/etc/rc.d/init.d/postgresql. postgresql_log_t- This type is used for several locations. The locations labeled with this type are used for log files:
/var/lib/pgsql/logfile/var/lib/pgsql/pgstartup.log/var/lib/sepgsql/pgstartup.log/var/log/postgresql/var/log/postgres.log.*/var/log/rhdb/rhdb/var/log/sepostgresql.log.*
postgresql_var_run_t- This type is used for run-time files for PostgreSQL, such as the process id (PID) in
/var/run/postgresql/.
