[selinux-policy: 3061/3172] Tunable, optional and if(n)def blocks go below.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:32:21 UTC 2010
commit b46b3ad67f5649a4394fce79de900d08f46b603a
Author: Dominick Grift <domg472 at gmail.com>
Date: Mon Sep 20 19:50:51 2010 +0200
Tunable, optional and if(n)def blocks go below.
Tunable, optional and if(n)def blocks go below.
policy/modules/services/postgresql.if | 30 +++++++++++++++---------------
1 files changed, 15 insertions(+), 15 deletions(-)
---
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index f8924b6..ac2d3e7 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
@@ -45,14 +45,6 @@ interface(`postgresql_role',`
# Client local policy
#
- tunable_policy(`sepgsql_enable_users_ddl',`
- allow $2 user_sepgsql_table_t:db_table { create drop setattr };
- allow $2 user_sepgsql_table_t:db_column { create drop setattr };
-
- allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
- allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
- ')
-
allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
@@ -69,6 +61,14 @@ interface(`postgresql_role',`
allow $2 sepgsql_trusted_proc_t:process transition;
type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+
+ tunable_policy(`sepgsql_enable_users_ddl',`
+ allow $2 user_sepgsql_table_t:db_table { create drop setattr };
+ allow $2 user_sepgsql_table_t:db_column { create drop setattr };
+
+ allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
+ allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+ ')
')
########################################
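Review bot: The sepgsql_enable_users_ddl block added at the end of postgresql_role has no comment stating what the boolean unlocks, although it is where the role gains `create drop setattr` on db_table, db_column and db_procedure plus `update insert delete` on `user_sepgsql_sysobj_t:db_tuple`; the unconditional db_table rule visible in the first hunk stops at `getattr use select update insert delete lock`. A one-line header such as `# DDL and sysobj tuple writes on user-owned objects, granted only when sepgsql_enable_users_ddl is enabled` would make the widened permission set obvious to anyone auditing the interface. The same applies to the matching block moved to the end of postgresql_unpriv_client in the last hunk. The boolean's default value is not visible in this diff, and the interface body begins outside the hunk.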
@@ -358,13 +358,6 @@ interface(`postgresql_unpriv_client',`
type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
allow $1 sepgsql_trusted_proc_t:process transition;
- tunable_policy(`sepgsql_enable_users_ddl',`
- allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
- allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
- allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
- allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
- ')
-
allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert };
allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete };
@@ -378,6 +371,13 @@ interface(`postgresql_unpriv_client',`
allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
+
+ tunable_policy(`sepgsql_enable_users_ddl',`
+ allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
+ allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
+ allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
+ allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
+ ')
')
########################################