On September 19, 2012 16:22:12 Daniel J Walsh wrote:
Sadly it looks like we already have a boolean for this in Fedora fro sepostgresql.
optional_policy(` tunable_policy(`sepgsql_enable_pitr_implementation',` corenet_tcp_connect_ssh_port(postgresql_t) rsync_exec(postgresql_t) ssh_read_user_home_files(postgresql_t) ssh_exec(postgresql_t) ') ')
Since this has nothing specific to do with sepgsql, we can change the name of the boolean.
Daniel, you saved my day - I thought that something like that should exist but I completely ommited sepgsql* set as I was under impression that it applied to a completely different functionality. I'll use that instead of my module. Thank you very much.
For what it's worth I'd like to second the name change as existing one put me off-track, like many other people (just look up "postgres selinux rsync").