KaiGai Kohei wrote:
> Please wait for a while.
>
> As I noted before, the selabel patch tries to solve two matters.
> - The default label for db_database class.
> - The default label for temporary schema.
>
> If we can have db_schema_temp class, the only remaining matter is the default
> in db_database class. It can be solved using a file which stores a default label
> for SE-PostgreSQL's db_database objects, as if run_init uses initrc_context.
>
> It makes sense for me, and clear its behavior from the viewpoint of the analogy.

I would like to reserve /etc/selinux/$POLICYTYPE/context/sepgsql_context to store
the default security context for db_database object in SE-PostgreSQL.
(I guess RUBIX can store its default in rubix_context in same way.)

The attached patch adds a new API: selinux_sepgsql_context_path() which returns
the pathname of the configuration file.

Please apply this one, instead of the patch for selabel_lookup().

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
[PATCH] add selinux_sepgsql_context_path() The /etc/selinux/$POLICYTYPE/context/sepgsql_context can store a default security context of db_database class object in SE-PostgreSQL. This patch add a new API: selinux_sepgsql_context_path() which returns a pathname of the configuration file. Signed-off-by: KaiGai Kohei <kaigai@xxxxxxxxxxxxx> -- libselinux/include/selinux/selinux.h | 1 + libselinux/src/file_path_suffixes.h | 1 + libselinux/src/selinux_config.c | 9 ++++++++- libselinux/src/selinux_internal.h | 1 + 4 files changed, 11 insertions(+), 1 deletions(-) diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index 0a0b195..8adbbcf 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h @@ -492,6 +492,7 @@ extern const char *selinux_users_path(void); extern const char *selinux_usersconf_path(void); extern const char *selinux_translations_path(void); extern const char *selinux_colors_path(void); +extern const char *selinux_sepgsql_context_path(void); extern const char *selinux_netfilter_context_path(void); extern const char *selinux_path(void); diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h index 8d207c9..b4e13d2 100644 --- a/libselinux/src/file_path_suffixes.h +++ b/libselinux/src/file_path_suffixes.h @@ -20,3 +20,4 @@ S_(BINPOLICY, "/policy/policy") S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local") S_(X_CONTEXTS, "/contexts/x_contexts") S_(COLORS, "/secolor.conf") + S_(SEPGSQL_CONTEXT, "/contexts/sepgsql_context") diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c index dec5426..620a2ce 100644 --- a/libselinux/src/selinux_config.c +++ b/libselinux/src/selinux_config.c @@ -40,7 +40,8 @@ #define SECURETTY_TYPES 18 #define X_CONTEXTS 19 #define COLORS 20 -#define NEL 21 +#define SEPGSQL_CONTEXT 21 +#define NEL 22 /* New layout is relative to SELINUXDIR/policytype. */ static char *file_paths[NEL]; 
@@ -391,3 +392,9 @@ const char *selinux_x_context_path() } hidden_def(selinux_x_context_path) + +const char *selinux_sepgsql_context_path() +{ + return get_path(SEPGSQL_CONTEXT); +} +hidden_def(selinux_sepgsql_context_path) diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h index 24c1396..2d2beb8 100644 --- a/libselinux/src/selinux_internal.h +++ b/libselinux/src/selinux_internal.h @@ -77,6 +77,7 @@ hidden_proto(selinux_mkload_policy) hidden_proto(selinux_usersconf_path); hidden_proto(selinux_translations_path); hidden_proto(selinux_colors_path); +hidden_proto(selinux_sepgsql_context_path); hidden_proto(selinux_getenforcemode); hidden_proto(selinux_getpolicytype); hidden_proto(selinux_raw_to_trans_context);
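Review bot: The new extern for selinux_sepgsql_context_path(void) in selinux.h arrives with no documentation, and the diffstat lists only the four source files, so nothing tells a caller what the file holds or how to parse it. Suggest a comment above the declaration, plus a man page entry, stating that the file stores the default security context for db_database objects and what its line format is.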
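Review bot: In file_path_suffixes.h the added suffix is "/contexts/sepgsql_context", but the commit message and the cover mail both name /etc/selinux/$POLICYTYPE/context/sepgsql_context, with a singular "context". The neighbouring entries all use "/contexts/...", so the code looks like the intended location; please correct the description so the reserved pathname is unambiguous. The added S_() line also appears indented after the '+', unlike the S_() entries around it.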
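Review bot: In selinux_config.c the definition is written as selinux_sepgsql_context_path() with an empty parameter list, while selinux.h declares it with (void). It follows the existing selinux_x_context_path() style, but for a new function I would write (void) in the definition so it is a real prototype that matches the header. The first hunk in this file also bumps SEPGSQL_CONTEXT and NEL by hand; a short comment by the #define block noting that these indexes must stay in step with the S_() table in file_path_suffixes.h would help the next person adding an entry.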