The author wrote: Using SE-PostgreSQL, SELinux security contexts are associated with each table, row and column of the database. [...] . The PostgreSQL user must still have the ability to perform the requested action as the PostgreSQL permissions are checked before the SELinux policies are even consulted. This two-tiered permissions system is probably unnecessary, so SE-PostgreSQL could completely replace the database permissions in secure installations.
Actually the security contexts are part of the Mandatory Access Control (MAC) mechanism. With Discretionary Access Control (DAC), the creator of a file or database tuple can grant permissions to anyone, even if they're not authorized to see the data. MAC overrides this, so that
With the two layers of protection, it becomes very hard to subvert one person or business process and get access to data you sholdn't have.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds