From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 09 Feb 2010 08:48:44 -0500
Subject: [refpolicy] [Patch] database administrator domain
In-Reply-To: <4B18C91E.1090907@ak.jp.nec.com>
References: <4B18C91E.1090907@ak.jp.nec.com>
Message-ID: <1265723324.911.4.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2009-12-04 at 17:32 +0900, KaiGai Kohei wrote:
> The attached patch add a new role for database administrator (dbadm).
> Most of postgresql_admin() definitions were copied from Dan's patch,
> so either of them may conflict, but it is not difficult to integrate.
> 
> - It allows dbadm to start/stop PostgreSQL server process, and to manage
>   corresponding files.
> 
> - It allows dbadm to start/stop MySQL server process, and to manage
>   corresponding files.
>   (*) Note that I've not tested MySQL related permissions yet.
> 
> - It allows to execute su and sudo to run init script.
> 
> - It allows to execute DDL statements in SE-PostgreSQL, but permissions
>   to execute DML statement are depending on the sepgsql_unconfined_dbadm
>   boolean.
>   It allows to control whether user data are visible for DBA, or not.
>   (Oracle's security option has similar idea. All the DBA can do is
>    defining the schema, not available to access user data.)
> 
> - postgresql_role() is moved to unprivuser.te, staff.te and webadm.te
>   from the userdom_unpriv_user_template(), because different rules should
>   be applied on dbadm role.

Merged.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150