Kaigai, I'm taking a look at the latest Postgresql master and I see that you are
using process:transition permission to check access to transition from one type
to another for trusted procedures.
Why didn't you add a transition permission to db_procedure? We are trying not to
reuse kernel object classes for userspace object managers these days (I know we
haven't been great about that in the past). I know this situation is a little
tricky because the beginning type is a process type (domain) and the ending type
is a procedure type, which closely maps to a domain type.
The beginning type may not always be a domain type though, if a procedure calls
another procedure, or if postgres user session types become derived types
(user_t -> sepgsql_user_t) we could completely divorce process types from
postgres types.
Stephen, do you have an opinion on this?
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
