On 3/24/2015 5:16 AM, Мартынов Александр wrote:
> There is postgres db with sepgsql enabled. When user connect to postgres db with psql, postgres create new process for each connection. These processes have selinux context unconfined_u:unconfined_r:postgresql_t.
>
> Is there a way to assign the process a context of user that connected to db?
what if that user is on a different system connecting over the network?
no, the only user the postgres server processes should run as are those
of the postgres server itself as it needs to read and write files in the
postgres data directory tree.
--
john, recycling bits in santa cruz