21.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with
postgresql
. Different types allow you to configure flexible access. Note that in the list below are used several regular expression to match the whole possible locations:
postgresql_db_t
- This type is used for several locations. The locations labeled with this type are used for data files for PostgreSQL:
/usr/lib/pgsql/test/regres
/usr/share/jonas/pgsql
/var/lib/pgsql/data
/var/lib/postgres(ql)?
postgresql_etc_t
- This type is used for configuration files in the
/etc/postgresql/
directory. postgresql_exec_t
- This type is used for several locations. The locations labeled with this type are used for binaries for PostgreSQL:
/usr/bin/initdb(.sepgsql)?
/usr/bin/(se)?postgres
/usr/lib(64)?/postgresql/bin/.*
/usr/lib(64)?/pgsql/test/regress/pg_regress
systemd_unit_file_t
- This type is used for the executable PostgreSQL-related files located in the
/usr/lib/systemd/system/
directory. postgresql_log_t
- This type is used for several locations. The locations labeled with this type are used for log files:
/var/lib/pgsql/logfile
/var/lib/pgsql/pgstartup.log
/var/lib/sepgsql/pgstartup.log
/var/log/postgresql
/var/log/postgres.log.*
/var/log/rhdb/rhdb
/var/log/sepostgresql.log.*
postgresql_var_run_t
- This type is used for run-time files for PostgreSQL, such as the process id (PID) in the
/var/run/postgresql/
directory.