Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Red Hat Enterprise Linux 9 Essentials Book now available.

Purchase a copy of Red Hat Enterprise Linux 9 (RHEL 9) Essentials

Red Hat Enterprise Linux 9 Essentials Print and eBook (PDF) editions contain 34 chapters and 298 pages

Preview Book

Chapter 11. PostgreSQL

11.1. PostgreSQL and SELinux
11.2. Types
11.3. Booleans
11.4. Configuration Examples
11.4.1. PostgreSQL Changing Database Location
From the PostgreSQL project page:
"PostgreSQL is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness."
In Red Hat Enterprise Linux 6, the postgresql-server package provides PostgreSQL. Run rpm -q postgresql-server to see if the postgresql-server package is installed. If it is not installed, run the following command as the root user to install it:
yum install postgresql-server

11.1. PostgreSQL and SELinux

When PostgreSQL is enabled, it runs confined by default. Confined processes run in their own domains, and are separated from other confined processes. If a confined process is compromised by an attacker, depending on SELinux policy configuration, an attacker's access to resources and the possible damage they can do is limited. The following example demonstrates the PostgreSQL processes running in their own domain. This example assumes the postgresql-server package is installed:
  1. Run getenforce to confirm SELinux is running in enforcing mode:
    $ getenforce
Enforcing
    The getenforce command returns Enforcing when SELinux is running in enforcing mode.
  2. Run service postgresql start as the root user to start postgresql:
    service postgresql start
Starting postgresql service:                               [  OK  ]
  3. Run ps -eZ | grep postgres to view the postgresql processes:
    ps -eZ | grep postgres
unconfined_u:system_r:postgresql_t:s0 395 ?    00:00:00 postmaster
unconfined_u:system_r:postgresql_t:s0 397 ?    00:00:00 postmaster
unconfined_u:system_r:postgresql_t:s0 399 ?    00:00:00 postmaster
unconfined_u:system_r:postgresql_t:s0 400 ?    00:00:00 postmaster
unconfined_u:system_r:postgresql_t:s0 401 ?    00:00:00 postmaster
unconfined_u:system_r:postgresql_t:s0 402 ?    00:00:00 postmaster
    The SELinux context associated with the postgresql processes is unconfined_u:system_r:postgresql_t:s0. The second last part of the context, postgresql_t, is the type. A type defines a domain for processes and a type for files. In this case, the postgresql processes are running in the postgresql_t domain.

  
 
  Published under the terms of the Creative Commons License Design by Interspire