SELinux for PostgreSQL packages

Поиск
Список
Период
Сортировка
От Ugo Bellavance
Тема SELinux for PostgreSQL packages
Дата
Msg-id CACSSk+X1mg9X99tY+RGQrhh3ne29W8QZ4DzX3w_iUcgLGEjfqw@mail.gmail.com
обсуждение исходный текст
Список pgsql-pkg-yum
Дерево обсуждения
Hi,

I see that the SELinux contexts for the PostgreSQL service processes are not the same as with the Red Hat packages.

PGDG:

[postgres@serverPGDG~]$ ps auxZ | grep postg
system_u:system_r:unconfined_service_t:s0 postgres 1262 0.0  0.5 709764 47656 ?  Ss   Dec06   0:44 /usr/pgsql-12/bin/postmaster -D /var/lib/pgsql/12/data
system_u:system_r:unconfined_service_t:s0 postgres 1314 0.0  0.0 143540 4872 ?   Ss   Dec06   0:13 postgres: logger
system_u:system_r:unconfined_service_t:s0 postgres 1315 0.0  5.4 710356 430848 ? Ss   Dec06   0:56 postgres: startup   recovering 000000010000001B00000083
system_u:system_r:unconfined_service_t:s0 postgres 1347 0.0  5.3 709964 426368 ? Ss   Dec06   0:50 postgres: checkpointer
system_u:system_r:unconfined_service_t:s0 postgres 1348 0.0  0.0 709764 6276 ?   Ss   Dec06   0:39 postgres: background writer
system_u:system_r:unconfined_service_t:s0 postgres 1349 0.0  0.0 145664 4888 ?   Ss   Dec06   0:40 postgres: stats collector
system_u:system_r:unconfined_service_t:s0 postgres 128322 0.1  0.1 734652 11556 ? Ss  Dec09  38:58 postgres: walreceiver   streaming 1B/834697B0

Red Hat:

[posgres@serverRH ~]$ ps auxZ | grep postg
system_u:system_r:postgresql_t:s0 postgres 1264 0.1  0.9 2430608 72256 ?       Ss   Dec09  35:53 postmaster -D /var/opt/rh/rh-postgresql12/lib/pgsql/data
system_u:system_r:postgresql_t:s0 postgres 1333 0.0  0.0 260072  6064 ?        Ss   Dec09  16:59 postgres: logger
system_u:system_r:postgresql_t:s0 postgres 1534 0.0  6.2 2430920 498148 ?      Ss   Dec09   0:58 postgres: checkpointer
system_u:system_r:postgresql_t:s0 postgres 1535 0.0  0.3 2430760 30688 ?       Ss   Dec09   0:55 postgres: background writer
system_u:system_r:postgresql_t:s0 postgres 1536 0.0  0.2 2430608 17732 ?       Ss   Dec09   1:40 postgres: walwriter
system_u:system_r:postgresql_t:s0 postgres 1537 0.1  0.0 2431876 2872 ?        Ss   Dec09  31:34 postgres: autovacuum launcher
system_u:system_r:postgresql_t:s0 postgres 1538 0.0  0.0 255996  1232 ?        Ss   Dec09   0:09 postgres: archiver   last was 000000010000001B00000082.00000028.backup
system_u:system_r:postgresql_t:s0 postgres 1539 0.2  0.0 262536  6708 ?        Ss   Dec09  68:40 postgres: stats collector
system_u:system_r:postgresql_t:s0 postgres 1540 0.0  0.0 2431180 1692 ?        Ss   Dec09   0:02 postgres: logical replication launcher
system_u:system_r:postgresql_t:s0 postgres 8865 0.0  0.0 2433904 3884 ?        Ss   Dec09   1:01 postgres: walsender replicuser1 atqrh8pgsqlr1.atqlan.agri-tracabilite.qc.ca(42284) streaming 1B/834697B0

I'm not a SELinux expert, but are PGDG binaries using the same SELinux configuration as RH-provided binaries?

On the filesystem side, the contexts seem to be the same.

Thanks,

--
Ugo Bellavance (ugob@lubik.ca)

В списке pgsql-pkg-yum по дате отправления:

Предыдущее
От: David Steele
Дата:
Сообщение: Re: GPG signature verification error with pgdg-redhat-repo-42.0-17.noarch
Следующее
От: Nicolas Thauvin
Дата:
Сообщение: Re: other missing RPMs? (Re: pg_repack12)