[selinux-policy: 2079/3172] trunk: Add db_procedure install permission from KaiGai Kohei.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:04:29 UTC 2010


commit 466e22a8ba555aed848267e4fb853d899caf071d
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Jan 23 19:49:36 2009 +0000

    trunk: Add db_procedure install permission from KaiGai Kohei.

 Changelog                             |    1 +
 policy/flask/access_vectors           |    1 +
 policy/mcs                            |    2 +-
 policy/mls                            |    2 +-
 policy/modules/services/postgresql.te |    4 ++--
 5 files changed, 6 insertions(+), 4 deletions(-)
---
diff --git a/Changelog b/Changelog
index 63055c9..bfef4a9 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Add db_procedure install permission from KaiGai Kohei.
 - Add support for network interfaces with access controlled by a Boolean
   from the CLIP project.
 - Several fixes from the CLIP project.
diff --git a/policy/flask/access_vectors b/policy/flask/access_vectors
index ec763b2..e4b702a 100644
--- a/policy/flask/access_vectors
+++ b/policy/flask/access_vectors
@@ -739,6 +739,7 @@ inherits database
 {
 	execute
 	entrypoint
+	install
 }
 
 class db_column
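Review bot: The new `install` permission on `db_procedure` is added with no comment saying which operation it gates, so a policy author cannot tell it apart from `execute` or `entrypoint` when deciding who should hold it. A one-line comment above the permission list would help, for example `# install: checked when a procedure is registered for implicit invocation (operator, type handler, conversion)`; that wording is my understanding of SE-PostgreSQL and should be confirmed against the object manager. The class header is outside this hunk, so the comment belongs with it there. Appending the permission at the end of the list leaves the existing permission order unchanged, which is the right placement.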
diff --git a/policy/mcs b/policy/mcs
index 99d66c2..b8c37ab 100644
--- a/policy/mcs
+++ b/policy/mcs
@@ -123,7 +123,7 @@ mlsconstrain db_column { drop setattr relabelfrom select update insert use }
 mlsconstrain db_tuple { relabelfrom select update delete use }
 	( h1 dom h2 );
 
-mlsconstrain db_procedure { execute }
+mlsconstrain db_procedure { execute install }
 	( h1 dom h2 );
 
 mlsconstrain db_blob { drop setattr relabelfrom read write }
diff --git a/policy/mls b/policy/mls
index 040c1c6..80b3a43 100644
--- a/policy/mls
+++ b/policy/mls
@@ -664,7 +664,7 @@ mlsconstrain { db_table db_column } { getattr use select }
 	 ( t1 == mlsdbread ) or
 	 ( t2 == mlstrustedobject ));
 
-mlsconstrain { db_procedure } { getattr execute }
+mlsconstrain { db_procedure } { getattr execute install }
 	(( l1 dom l2 ) or
 	 (( t1 == mlsdbreadtoclr ) and ( h1 dom l2 )) or
 	 ( t1 == mlsdbread ) or
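Review bot: Adding `install` to this constraint puts it under the same read-side exemptions as `getattr` and `execute`, so a subject with `mlsdbread` (or `mlsdbreadtoclr` within its clearance) may install a procedure at any level without `l1 dom l2` holding. If `install` changes how the database dispatches calls for other sessions rather than only reading the procedure, a read override is probably too weak a gate; the name suggests this, but the commit does not say so. A separate rule would be tighter, e.g. `mlsconstrain { db_procedure } { install } (( l1 dom l2 ) or ( t2 == mlstrustedobject ));`. The expression continues past the end of this hunk, so its remaining alternatives are not visible here. The `policy/mcs` hunk uses plain `( h1 dom h2 )` and carries no such exemption.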
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index b5ea273..9d292c3 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -1,5 +1,5 @@
 
-policy_module(postgresql, 1.8.2)
+policy_module(postgresql, 1.8.3)
 
 gen_require(`
 	class db_database all_db_database_perms;
@@ -303,7 +303,7 @@ allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };
 allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
 allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
 
-allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute };
+allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install };
 allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };
 
 allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };
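Review bot: `install` is granted to every `sepgsql_client_type` on `sepgsql_proc_t` in the same rule as `getattr execute`, so any client domain that can run these procedures can also install them; the grant is not limited to an administrative domain. That is only a meaningful control if untrusted, client-created functions never carry `sepgsql_proc_t`, and the rules that label new procedures are outside this hunk, so this needs checking. Leaving `install` off `sepgsql_trusted_proc_t` on the following line looks deliberate and deserves a comment, for example `# install is withheld from trusted procedures so they cannot be registered as implicitly invoked handlers`, with the wording confirmed by the policy author.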

