From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Tue, 09 Feb 2010 08:48:44 -0500
Subject: [refpolicy] [Patch] database administrator domain
In-Reply-To: <4B18C91E.1090907@ak.jp.nec.com>
References: <4B18C91E.1090907@ak.jp.nec.com>
Message-ID: <1265723324.911.4.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Fri, 2009-12-04 at 17:32 +0900, KaiGai Kohei wrote:
> The attached patch adds a new role for database administrator (dbadm).
> Most of postgresql_admin() definitions were copied from Dan's patch,
> so either of them may conflict, but it is not difficult to integrate.
>
> - It allows dbadm to start/stop PostgreSQL server process, and to manage
>   corresponding files.
>
> - It allows dbadm to start/stop MySQL server process, and to manage
>   corresponding files.
>   (*) Note that I've not tested MySQL related permissions yet.
>
> - It allows to execute su and sudo to run init script.
>
> - It allows to execute DDL statements in SE-PostgreSQL, but permissions
>   to execute DML statements depend on the sepgsql_unconfined_dbadm
>   boolean.
>   It allows to control whether user data are visible for DBA, or not.
>   (Oracle's security option has similar idea. All the DBA can do is
>   defining the schema, not available to access user data.)
>
> - postgresql_role() is moved to unprivuser.te, staff.te and webadm.te
>   from the userdom_unpriv_user_template(), because different rules should
>   be applied on dbadm role.

Merged.

--
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150