Re: SE-PostgreSQL Specifications

KaiGai Kohei wrote:
>
> The SELinux provides a certain process privilege to make backups and
> restore them. In the (currect) default policy, it is called "unconfined".
>
> However, it is also *possible* to define a new special process privilege
> for backup and restore tools. For example, it can access all the databse
> objects and can make backups, but any other process cannot touch the
> backup files. It means that DBA can launch a backup tool and it creates
> a black-boxed file, then he cal also lauch a restore tool to restore
> the black-boxed backup, but he cannot see the contents of the backup.
> (It might be a similar idea of "sudo" mechanism.)
>
>

Really? How you enforce this black box rule for a backup made across the 
network? From the server's POV there is no such thing as a backup. All 
it sees is a set of SQL statements all of which it might see in some 
other context.

cheers

andrew