Re: [v9.2] Add GUC sepgsql.client_label

Поиск
Список
Период
Сортировка
От Kohei KaiGai
Тема Re: [v9.2] Add GUC sepgsql.client_label
Дата
Msg-id CADyhKSUg+SYL6mNz18ib45pk6uS5PBgCAnrNZOd00astgY0uPQ@mail.gmail.com
обсуждение исходный текст
Ответ на Re: [v9.2] Add GUC sepgsql.client_label  (Yeb Havinga <yebhavinga@gmail.com>)
Список pgsql-hackers
2012/2/24 Yeb Havinga <yebhavinga@gmail.com>:
> On 2012-02-24 15:17, Yeb Havinga wrote:
>>
>> I don't know what's fishy about the mgrid user and root that causes
>> c0.c1023 to be absent.
>
>
> more info:
>
> In shells started in a x environment under Xvnc, id -Z shows the system_u
> and c0.c1023 absent.
>
> In shells started from the ssh daemon, the id -Z matches what it should be
> according to the seusers file: unconfined_u and c0.c1023 present.
>
It seems to me the reason why your security label on bash is different from
the expected default one.
Unlike sshd daemon, vncserver does not assign security label on itself
according to the /etc/selinux/targeted/seusers, thus it inherits the label
of system startup script. It is also the reason why you saw "system_u"
at the head of security context.

I'll report this topic to selinux community to discuss the preferable solution.
Anyway, please use ssh connection for the testing purpose.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>


В списке pgsql-hackers по дате отправления:

Предыдущее
От: Bruce Momjian
Дата:
Сообщение: Re: pg_upgrade --logfile option documentation
Следующее
От: Jeff Janes
Дата:
Сообщение: Re: Initial 9.2 pgbench write results