This is a great article showing Solaris Extended Policy on Solaris 11, written in response to another Oracle engineer's details on setting up something similar on Linux using AppArmor and SELinux. I love the little dig in the opening paragraph...
Jeremy Smyth has posted two entries on his blog describing how the mandatory access controls in AppArmor and SELinux apply to MySQL. That provides me an opportunity to demonstrate the Extended Policy functionality in Oracle Solaris. While Solaris provides an equivalent level of policy granularity, it doesn't need a knob to disable enforcement; nor does it require relabeling the filesystem to make the policy effective. Note in the steps below that we never need to inform the kernel that the policy is updated because the policy is maintained in each process credential, not in a system-wide kernel database.
— Oracle Solaris Extended Policy and MySQL
If you've not played with extended policy (it's really just about getting very granular with privileges) on Solaris yet, I encourage you to do so. You'll be amazed at how much you can lock down your applications and how easy it is, all without the need to unnecessarily elevate privileges.