|
|
Subscribe / Log in / New account

SELinux and PostgreSQL: a worthwhile union?

SELinux and PostgreSQL: a worthwhile union?

Posted Dec 7, 2009 2:35 UTC (Mon) by kaigai (guest, #12001)
In reply to: SELinux and PostgreSQL: a worthwhile union? by dpquigl
Parent article: SELinux and PostgreSQL: a worthwhile union?

More generally, Linux kernel also has similar design.

It manages system resources such as files and networks.
When a user tries to access these resources, he has to invoke system calls.
The kernel has routines to handle system calls, and these routines
voluntarily
invoke SELinux code (via LSM) whether the requires access should be allowed,
or not.

SELinux makes its access control decision, and return it into the caller,
then the caller performs according to the decision.
On the model, we call it "security server" which can provide access control
decision independent from the class of subsystems.

to post comments

SELinux and PostgreSQL: a worthwhile union?

Posted Dec 10, 2009 10:29 UTC (Thu) by mjthayer (guest, #39183) [Link]

And here I take it that the database is the equivalent of the filesystem, with the SELinux labels stored inside it associated with the parts of the database they relate to?


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds