10.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with
postgresql
. Different types allow you to configure flexible access:
postgresql_db_t
- This type is used for several locations. The locations labeled with this type are used for data files for PostgreSQL:
/usr/lib/pgsql/test/regres
/usr/share/jonas/pgsql
/var/lib/pgsql/data
/var/lib/postgres(ql)?
postgresql_etc_t
- This type is used for configuration files in
/etc/postgresql/
. postgresql_exec_t
- This type is used for several locations. The locations labeled with this type are used for binaries for PostgreSQL:
/usr/bin/initdb(.sepgsql)?
/usr/bin/(se)?postgres
/usr/lib(64)?/postgresql/bin/.*
/usr/lib/phsql/test/regress/pg_regress
postgresql_initrc_exec_t
- This type is used for the PostgreSQL initialization file located at
/etc/rc.d/init.d/postgresql
. postgresql_log_t
- This type is used for several locations. The locations labeled with this type are used for log files:
/var/lib/pgsql/logfile
/var/lib/pgsql/pgstartup.log
/var/lib/sepgsql/pgstartup.log
/var/log/postgresql
/var/log/postgres.log.*
/var/log/rhdb/rhdb
/var/log/sepostgresql.log.*
postgresql_var_run_t
- This type is used for run-time files for PostgreSQL, such as the process id (PID) in
/var/run/postgresql/
.