Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
10.2. Types
The main permission control method used in SELinux targeted policy to provide advanced process isolation is Type Enforcement. All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with
postgresql. Different types allow you to configure flexible access:
postgresql_db_t- This type is used for several locations. The locations labeled with this type are used for data files for PostgreSQL:
/usr/lib/pgsql/test/regres/usr/share/jonas/pgsql/var/lib/pgsql/data/var/lib/postgres(ql)?
postgresql_etc_t- This type is used for configuration files in
/etc/postgresql/. postgresql_exec_t- This type is used for several locations. The locations labeled with this type are used for binaries for PostgreSQL:
/usr/bin/initdb(.sepgsql)?/usr/bin/(se)?postgres/usr/lib(64)?/postgresql/bin/.*/usr/lib/phsql/test/regress/pg_regress
postgresql_initrc_exec_t- This type is used for the PostgreSQL initialization file located at
/etc/rc.d/init.d/postgresql. postgresql_log_t- This type is used for several locations. The locations labeled with this type are used for log files:
/var/lib/pgsql/logfile/var/lib/pgsql/pgstartup.log/var/lib/sepgsql/pgstartup.log/var/log/postgresql/var/log/postgres.log.*/var/log/rhdb/rhdb/var/log/sepostgresql.log.*
postgresql_var_run_t- This type is used for run-time files for PostgreSQL, such as the process id (PID) in
/var/run/postgresql/.
