Chapter 8: SEPostgreSQL – Extending PostgreSQL with SELinux

In the previous chapter, we covered a few example SELinux-aware applications: applications that know and interact with the SELinux subsystem to further enhance security within the application context. Some of these use existing policy constructs, such as Apache's mod_selinux, whereas others enhance the policy with custom classes to further fine-tune their behavior (as with D-Bus and the acquire_svc permission).

With Security-Enhanced PostgreSQL (SEPostgreSQL), we get a more elaborate example of an SELinux-aware application, which uses multiple additional classes within SELinux, as well as labeling its internal database objects to further enforce security rules. In this chapter, we will ...

Source: SELinux System Administration - Third Edition.