[selinux-policy: 2936/3172] postgresql patch from Dan Walsh
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 23:21:30 UTC 2010
commit 17759c7326edb2ff374c922563f7b0e3ff321320
Author: Jeremy Solt <jsolt at tresys.com>
Date: Wed Sep 1 11:06:38 2010 -0400
postgresql patch from Dan Walsh
policy/modules/services/postgresql.te | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index c0652ec..30db5c5 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -202,9 +202,10 @@ manage_sock_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
+manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
-files_pid_filetrans(postgresql_t, postgresql_var_run_t, file)
+files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })
kernel_read_kernel_sysctls(postgresql_t)
kernel_read_system_state(postgresql_t)
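Review bot: The widened `files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })` only labels a directory when postgresql_t itself creates it in the pid directory. A runtime directory that is pre-created by packaging or an init script, or that is relabelled later, takes its type from the file-context entries instead, and the diffstat shows that only the .te file changed. It is worth confirming that the module's file-contexts file has a matching directory entry for postgresql_var_run_t, otherwise a relabel could leave the directory with a type that the new `manage_dirs_pattern` rule does not cover. The commit message gives no reason for granting directory management, so a one-line comment above `manage_dirs_pattern`, such as `# postgresql creates its own runtime directory under the pid directory`, would help if that is indeed the intent. The surrounding local policy block starts and ends outside the hunk.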
@@ -352,7 +353,6 @@ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
-
########################################
#
# Rules common to administrator clients