Gentoo Archives: gentoo-commits

From: "Anthony G. Basile (blueness)" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in sec-policy/selinux-postgresql/files: fix-services-postgresql-r1.patch
Date: Mon, 07 Mar 2011 02:53:26
Message-Id: 20110307025317.3743E20057@flycatcher.gentoo.org
1 blueness 11/03/07 02:53:17
2
3 Added: fix-services-postgresql-r1.patch
4 Log:
5 Allow sysadm to manage postgresql
6
7 (Portage version: 2.1.9.25/cvs/Linux x86_64)
8
9 Revision Changes Path
10 1.1 sec-policy/selinux-postgresql/files/fix-services-postgresql-r1.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-postgresql/files/fix-services-postgresql-r1.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sec-policy/selinux-postgresql/files/fix-services-postgresql-r1.patch?rev=1.1&content-type=text/plain
14
15 Index: fix-services-postgresql-r1.patch
16 ===================================================================
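--- a/services/postgresql.te
+++ b/services/postgresql.te
@@ -155,7 +155,7 @@
 allow postgresql_t self:tcp_socket create_stream_socket_perms;
 allow postgresql_t self:udp_socket create_stream_socket_perms;
 allow postgresql_t self:unix_dgram_socket create_socket_perms;
-allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
+allow postgresql_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow postgresql_t self:netlink_selinux_socket create_socket_perms;
 
 allow postgresql_t sepgsql_database_type:db_database *;
@@ -269,7 +269,8 @@
 
 userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
 userdom_dontaudit_search_user_home_dirs(postgresql_t)
-userdom_dontaudit_use_user_terminals(postgresql_t)
+userdom_use_user_terminals(postgresql_t)
+#userdom_dontaudit_use_user_terminals(postgresql_t)
 
 mta_getattr_spool(postgresql_t)
 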
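Review bot: `userdom_use_user_terminals(postgresql_t)` in the second hunk gives the confined daemon domain read/write access to user ttys and ptys, where the old side only silenced the denial; that is a wider grant than the log message ("Allow sysadm to manage postgresql") suggests, and nothing in the hunk says which operation needs it. If the access is only needed when an administrator starts or initialises the server from a shell (an assumption, the hunk does not show it), state that in a comment such as `# needed so server start-up from a sysadm shell can write to the admin's terminal`, and check whether a narrower interface would do. The commented-out `#userdom_dontaudit_use_user_terminals(postgresql_t)` should be dropped rather than left as dead policy. The `connectto` added to `self:unix_stream_socket` in the first hunk is likewise undocumented; a one-line comment naming the client path that hit the denial would help later audits.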
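--- a/services/postgresql.fc
+++ b/services/postgresql.fc
@@ -5,6 +5,10 @@
 /etc/rc\.d/init\.d/(se)?postgresql -- gen_context(system_u:object_r:postgresql_initrc_exec_t,s0)
 /etc/sysconfig/pgsql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0)
 
+ifdef(`distro_gentoo', `
+/etc/postgresql-.*(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0)
+')
+
 #
 # /usr
 #
@@ -23,6 +27,10 @@
 /usr/share/jonas/pgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
 ')
 
+ifdef(`distro_gentoo', `
+/usr/lib(64)?/postgresql-.*/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0)
+')
+
 #
 # /var
 #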
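Review bot: The pattern `/usr/lib(64)?/postgresql-.*/bin/.*` in the second Gentoo block uses `.*` for the version component, and `.*` also matches `/`, so a regular file under any deeper `bin/` directory below a `postgresql-*` prefix is labelled `postgresql_exec_t` as well. That type is presumably the entry point into `postgresql_t` (the transition rule is not visible here), so over-broad labelling widens what can enter the daemon domain. I would anchor the version to one path component, `/usr/lib(64)?/postgresql-[^/]*/bin/.*`, and do the same in the first block with `/etc/postgresql-[^/]*(/.*)?`. Labelling everything in `bin/` also covers client tools, not only the server binary; if that is intended, a comment above the entry should say so.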