Re: [PATCH] libselinux: add support for /contexts/postgresql_contexts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 2008-06-24 at 11:35 +0900, KaiGai Kohei wrote:
> The attached patch replaces the following names:
> 
>   $1_sepgsql_proc_t         -> $1_sepgsql_proc_exec_t
>   sepgsql_trusted_domain_t  -> sepgsql_trusted_proc_t
>   sepgsql_trusted_proc_t    -> sepgsql_trusted_proc_exec_t


Merged.

> 
> 
> 
> 
> 
> 
> differences
> between files
> attachment
> (refpolicy-sepgsql_proc_exec_t.patch)
> 
> Index: refpolicy/policy/modules/services/postgresql.if
> ===================================================================
> --- refpolicy/policy/modules/services/postgresql.if     (revision
> 2727)
> +++ refpolicy/policy/modules/services/postgresql.if     (working copy)
> @@ -37,7 +37,7 @@
>                 attribute sepgsql_client_type, sepgsql_database_type;
>                 attribute sepgsql_sysobj_table_type;
>  
> -               type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t;
> +               type sepgsql_trusted_proc_exec_t,
> sepgsql_trusted_proc_t;
>         ')
>  
>         ########################################
> @@ -50,8 +50,8 @@
>         type $1_sepgsql_blob_t;
>         postgresql_blob_object($1_sepgsql_blob_t)
>  
> -       type $1_sepgsql_proc_t;
> -       postgresql_procedure_object($1_sepgsql_proc_t)
> +       type $1_sepgsql_proc_exec_t;
> +       postgresql_procedure_object($1_sepgsql_proc_exec_t)
>  
>         type $1_sepgsql_sysobj_t;
>         postgresql_system_table_object($1_sepgsql_sysobj_t)
> @@ -59,7 +59,7 @@
>         type $1_sepgsql_table_t;
>         postgresql_table_object($1_sepgsql_table_t)
>  
> -       role $3 types sepgsql_trusted_domain_t;
> +       role $3 types sepgsql_trusted_proc_t;
>  
>         ##############################
>         #
> @@ -81,14 +81,14 @@
>         allow $2 $1_sepgsql_table_t  : db_tuple  { use select update
> insert delete };
>         allow $2 $1_sepgsql_sysobj_t : db_tuple  { use select };
>  
> -       allow $2 $1_sepgsql_proc_t : db_procedure { create drop
> getattr setattr execute };
> -       type_transition $2 sepgsql_database_type:db_procedure
> $1_sepgsql_proc_t;
> +       allow $2 $1_sepgsql_proc_exec_t : db_procedure { create drop
> getattr setattr execute };
> +       type_transition $2 sepgsql_database_type:db_procedure
> $1_sepgsql_proc_exec_t;
>  
>         allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr
> setattr read write };
>         type_transition $2 sepgsql_database_type:db_blob
> $1_sepgsql_blob_t;
>  
> -       allow $2 sepgsql_trusted_domain_t:process transition;
> -       type_transition $2 sepgsql_trusted_proc_t:process
> sepgsql_trusted_domain_t;
> +       allow $2 sepgsql_trusted_proc_t:process transition;
> +       type_transition $2 sepgsql_trusted_proc_exec_t:process
> sepgsql_trusted_proc_t;
>  ')
>  
>  ########################################
> @@ -343,7 +343,7 @@
>  
>                 type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t,
> sepgsql_blob_t;
>  
> -               type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t;
> +               type sepgsql_trusted_proc_t,
> sepgsql_trusted_proc_exec_t;
>         ')
>  
>         typeattribute $1 sepgsql_client_type;
> @@ -352,8 +352,8 @@
>         type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t;
>         type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t;
>  
> -       type_transition $1 sepgsql_trusted_proc_t:process
> sepgsql_trusted_domain_t;
> -       allow $1 sepgsql_trusted_domain_t:process transition;
> +       type_transition $1 sepgsql_trusted_proc_exec_t:process
> sepgsql_trusted_proc_t;
> +       allow $1 sepgsql_trusted_proc_t:process transition;
>  ')
>  
>  ########################################
> Index: refpolicy/policy/modules/services/postgresql.te
> ===================================================================
> --- refpolicy/policy/modules/services/postgresql.te     (revision
> 2727)
> +++ refpolicy/policy/modules/services/postgresql.te     (working copy)
> @@ -87,14 +87,14 @@
>  type sepgsql_table_t;
>  postgresql_table_object(sepgsql_table_t)
>  
> -type sepgsql_trusted_proc_t;
> -postgresql_procedure_object(sepgsql_trusted_proc_t)
> +type sepgsql_trusted_proc_exec_t;
> +postgresql_procedure_object(sepgsql_trusted_proc_exec_t)
>  
>  # Trusted Procedure Domain
> -type sepgsql_trusted_domain_t;
> -domain_type(sepgsql_trusted_domain_t)
> -postgresql_unconfined(sepgsql_trusted_domain_t)
> -role system_r types sepgsql_trusted_domain_t;
> +type sepgsql_trusted_proc_t;
> +domain_type(sepgsql_trusted_proc_t)
> +postgresql_unconfined(sepgsql_trusted_proc_t)
> +role system_r types sepgsql_trusted_proc_t;
>  
>  ########################################
>  #
> 
-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux