[refpolicy] [Patch] database administrator domain
Christopher J. PeBenito
cpebenito at tresys.com
Tue Feb 9 07:48:44 CST 2010
On Fri, 2009-12-04 at 17:32 +0900, KaiGai Kohei wrote:
> The attached patch add a new role for database administrator (dbadm).
> Most of postgresql_admin() definitions were copied from Dan's patch,
> so either of them may conflict, but it is not difficult to integrate.
>
> - It allows dbadm to start/stop PostgreSQL server process, and to manage
> corresponding files.
>
> - It allows dbadm to start/stop MySQL server process, and to manage
> corresponding files.
> (*) Note that I've not tested MySQL related permissions yet.
>
> - It allows to execute su and sudo to run init script.
>
> - It allows to execute DDL statements in SE-PostgreSQL, but permissions
> to execute DML statement are depending on the sepgsql_unconfined_dbadm
> boolean.
> It allows to control whether user data are visible for DBA, or not.
> (Oracle's security option has similar idea. All the DBA can do is
> defining the schema, not available to access user data.)
>
> - postgresql_role() is moved to unprivuser.te, staff.te and webadm.te
> from the userdom_unpriv_user_template(), because different rules should
> be applied on dbadm role.
Merged.
--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150
More information about the refpolicy
mailing list