On Wed, Dec 2, 2009 at 3:30 AM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Red Hat's > policy has been trying to cope with cases like "which directories should > Apache be allowed to read, *given that it's running a Red-Hat-standard > configuration*?" That's far more circumscribed than any useful database > policy would be, because database applications aren't nearly that > standardized.
Actually that does sound useful for Redhat packages which themselves use database. So for example if I install my Redhat spam filter it should be able to automatically run createdb and load its schema and start using postgres as a backing store. Currently I think a lot of packages use sqlite by default just because manual intervention is required to set up postgres. So I'm unclear what advantage this has for Redhat and sysadmins over just setting up the database directly but then I'm unclear what the advantage is for SELinux in the first place so I'm probably just not in the target audience for it. But this seems like it would be directly analogous. I suppose an admin would be able to delegate more control to a new admin -- greg -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers