[refpolicy] [Patch] database administrator domain
kaigai at ak.jp.nec.com
Fri Dec 4 02:32:30 CST 2009
The attached patch adds a new role for database administrator (dbadm).
Most of postgresql_admin() definitions were copied from Dan's patch,
so either of them may conflict, but it is not difficult to integrate.
- It allows dbadm to start/stop PostgreSQL server process, and to manage
- It allows dbadm to start/stop MySQL server process, and to manage
(*) Note that I've not tested MySQL-related permissions yet.
- It allows executing su and sudo to run the init script.
- It allows executing DDL statements in SE-PostgreSQL, but permissions
to execute DML statements depend on the sepgsql_unconfined_dbadm
It allows controlling whether user data is visible to the DBA or not.
(Oracle's security option has a similar idea. All the DBA can do is
define the schema; access to user data is not available.)
- postgresql_role() is moved to unprivuser.te, staff.te and webadm.te
from the userdom_unpriv_user_template(), because different rules should
be applied on dbadm role.
BTW, I have a plan to define an individual domain for backup and restore
utilities to separate permissions to access user data from dbadm role
in the future.
In this situation, dbadm can execute backup/restore utilities which can
access user data with domain transition, but dbadm cannot access user
data directly in the database and the newly generated backup file. It ensures
that the DBA can dump the whole database while keeping the contents confidential.
See page 28 in:
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai at ak.jp.nec.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 10282 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20091204/47c7a17e/attachment.bin