Type Enforcement is the main permission control used in SELinux targeted policy. All files and processes are labeled with a type: types define a domain for processes and a type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a domain accessing another domain. Access is only allowed if a specific SELinux policy rule exists that allows it.
The following types are used with postgresql
. Different types allow you to configure flexible access:
postgresql_db_t
-
This type is used for several locations. The locations labeled with this type are used for data files for PostgreSQL:
postgresql_etc_t
-
This type is used for configuration files in /etc/postgresql
.
postgresql_exec_t
-
This type is used for several locations. The locations labeled with this type are used for binaries for PostgreSQL:
-
/usr/bin/initdb(.sepgsql)?
-
/usr/bin/(se)?postgres
-
/usr/lib(64)?/postgresql/bin/.*
-
/usr/lib/phsql/test/regress/pg_regress
postgresql_initrc_exec_t
-
This type is used for the PostgreSQL initialization file located at /etc/rc.d/init.d/postgresql
.
postgresql_log_t
-
This type is used for several locations. The locations labeled with this type are used for log files:
-
/var/lib/pgsql/logfile
-
/var/lib/pgsql/pgstartup.log
-
/var/lib/sepgsql/pgstartup.log
-
/var/log/postgresql
-
/var/log/postgres.log.*
-
/var/log/rhdb/rhdb
-
/var/log/sepostgresql.log.*
postgresql_var_run_t
-
This type is used for run-time files for PostgreSQL, such as the process id (PID) in /var/run/postgresql
.