Hi, I noticed the selinux-policy of Fedora is not updated to the latest upstream refpolicy in type_transition rules. The attached file is a diff set of services/postgresql.te between the upstream and selinux-policy-3.10.0-55. It drops the following type_transition rules: type_transition postgresql_t sepgsql_database_type:db_schema sepgsql_schema_t; type_transition postgresql_t sepgsql_schema_type:db_table sepgsql_sysobj_t; type_transition postgresql_t sepgsql_schema_type:db_sequence sepgsql_seq_t; type_transition postgresql_t sepgsql_schema_type:db_view sepgsql_view_t; type_transition postgresql_t sepgsql_schema_type:db_procedure sepgsql_proc_exec_t; And, it defines the rules incorrectly. -type_transition sepgsql_admin_type sepgsql_schema_type:db_sequence sepgsql_seq_t; +type_transition sepgsql_admin_type sepgsql_schema_type:db_schema sepgsql_seq_t; -type_transition sepgsql_admin_type sepgsql_schema_type:db_view sepgsql_view_t; +type_transition sepgsql_admin_type sepgsql_view_type:db_view sepgsql_view_t; Please fix them. Thanks, -- KaiGai Kohei <kaigai@xxxxxxxxxxxx>
Attachment:
upstream-and-fedora-3.10.0-55.diff
Description: Binary data
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
