On 06/01/2009 02:03 AM, KaiGai Kohei wrote:
Dan,
http://people.fedoraproject.org/~dwalsh/SELinux/F11/system_userdomain.patch
It seems to me that the patch removes postgresql_role() from the userdom_unpriv_user_template(), but it can prevent staff_t to access SE-PostgreSQL.
Could you fix it please?
Ok I added
optional_policy(` postgresql_role(staff_r, staff_t) ')
to staff.te, I do not want all users to be able to manage postgresql. So this should be user type by user type decision.