Extended Policy and MySQL
By Jeremy Smyth-Oracle on Mar 26, 2013
Any secure system needs to be configured correctly to best serve the needs of users and the business. Previously, I've covered AppArmor and MySQL, and more recently SELinux and MySQL. To round out a healthy trio on running MySQL in environments with mandatory access control, Glenn Faden has written a post on Oracle Solaris Extended Policy and MySQL.
Extended Policy is a feature of Solaris that allows you to assign named privileges on resources—such as ports and files—to services. I'm not hugely familiar with Extended Policy (or Solaris for that matter), but according to Glenn it's similar to SELinux but somewhat better. He says, "it doesn't need a knob to disable enforcement; nor does it require relabeling the filesystem to make the policy effective... we never need to inform the kernel that the policy is updated because the policy is maintained in each process credential, not in a system-wide kernel database."
I'll let him continue the explanation at his blog post (thanks, Glenn!).