mirror of
https://github.com/postgres/postgres.git
synced 2025-05-28 00:03:23 -04:00
A couple more fixes for the sepgsql documentation.
This commit is contained in:
parent
d0ed9efdf7
commit
4012810a68
@ -561,8 +561,8 @@ ERROR: SELinux: security policy violation
|
||||
</para>
|
||||
<para>
|
||||
A combination of dynamic domain transition and trusted procedure
|
||||
enables an interesting use case that fits the typical process life-
|
||||
cycle of connection pooling software.
|
||||
enables an interesting use case that fits the typical process life-cycle
|
||||
of connection pooling software.
|
||||
Even if your connection pooling software is not allowed to run most
|
||||
of SQL commands, you can allow it to switch the security label
|
||||
of the client using the <literal>sepgsql_setcon()</literal> function
|
||||
@ -576,7 +576,7 @@ ERROR: SELinux: security policy violation
|
||||
procedure with appropriate permissions checks.
|
||||
The point here is that only the trusted procedure actually has permission
|
||||
to change the effective security label, and only does so when given proper
|
||||
credentials. Of course, for secure operation, the credential store must
|
||||
credentials. Of course, for secure operation, the credential store
|
||||
(table, procedure definition, or whatever) must be protected from
|
||||
unauthorized access.
|
||||
</para>
|
||||
|
Loading…
x
Reference in New Issue
Block a user