| From: | Мартынов Александр <m--a-s(at)yandex(dot)ru> |
|---|---|
| To: | John R Pierce <pierce(at)hogranch(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: SELinux context of PostgreSQL connection process |
| Date: | 2015-03-25 14:32:01 |
| Message-ID: | 2929751427293921@web9g.yandex.ru |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
If the user is given the necessary rights, then can the connection process get a context of the user?
Is there the possibility in principle?
24.03.2015, 21:11, "John R Pierce" <pierce(at)hogranch(dot)com>:
> On 3/24/2015 5:16 AM, Мартынов Александр wrote:
>> There is postgres db with sepgsql enabled. When user connect to postgres db with psql, postgres create new process for each connection. These processes have selinux context unconfined_u:unconfined_r:postgresql_t.
>>
>> Is there a way to assign the process a context of user that connected to db?
>
> what if that user is on a different system connecting over the network?
>
> no, the only user the postgres server processes should run as are those
> of the postgres server itself as it needs to read and write files in the
> postgres data directory tree.
>
> --
> john, recycling bits in santa cruz
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Raymond O'Donnell | 2015-03-25 14:34:34 | Re: :Posgres - performance problem |
| Previous Message | ginkgo36 | 2015-03-25 14:30:11 | Re: :Posgres - performance problem |