> Dan, > > Could you add the following policy into F9 updates? > It is already merged into upstream policy, but I cannot find it > at selinux-policy-3.3.1-91. > > --- at modules/system/libraries.te --- > optional_policy(` > postgresql_loadable_module(lib_t) > postgresql_loadable_module(textrel_shlib_t) > ') > -------------------------------------- Thanks, I confirmed it is fixed at selinux-policy-3.3.1-95.fc9. But what I pointed out is incomplete. :( Could you apply the attached patch towards the 3.3.1 series policy? It allows userdomains and httpd_t to connect SE-PostgreSQL. (No need to say, it compatible to upstream refpolicy.) Thanks, -- KaiGai Kohei <kaigai@xxxxxxxxxxxx>
Attachment:
serefpolicy-sepostgresql-fix-3.3.1.patch
Description: application/octect-stream
