[pkg-apparmor] PostgreSQL AppArmor profiles
Sandro Knauß
hefee at debian.org
Sun Sep 6 20:31:45 BST 2020
Hey,
Christian is trying to replace the Akonadi internal postgres service with a
system wide service. Is that correct?
(This in itself is not really supported by Akonadi; normally Akonadi is taking
care about starting and stopping the database itself). So what is the
advantage of starting/stopping postgres outside of Akonadi?
> > BEFORE: profile postgresql_akonadi {
> > AFTER: profile postgresql_akonadi flags=(attach_disconnected) {
>
> Right, the flags=(attach_disconnected) addition is the correct fix.
What does this flag do? Does this mean, that every postgres service I start
will be run under this profile? Or can AppArmour distinguish between the system
wide postgresql at 12-main.service and the akonadi one (akonadi-dileks)? Because
keep in mind the profile postgresql_akonadi should only be added to this
instance that is connected to akonadi and not the other postgres clusters. The
idea of the profiles is that the non Akonadi instances of postgres and mysql
don't get any akonadi profile attached.
hefee
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-apparmor-team/attachments/20200906/4fef8b13/attachment.sig>
More information about the pkg-apparmor-team
mailing list