| 1 |
commit: 880e5bc49e6e08fb4f8e4732e6cdd5e1c05eba13 |
| 2 |
Author: Jason Zaman <jason <AT> perfinion <DOT> com> |
| 3 |
AuthorDate: Mon May 25 09:33:56 2015 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Wed May 27 18:59:50 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=880e5bc4 |
| 7 |
|
| 8 |
postgresql: use init_startstop_service in _admin interface |
| 9 |
|
| 10 |
The postgresql_admin interfaces had rules for RedHat sysvinit. This |
| 11 |
replaces them with the interface init_startstop_service which can |
| 12 |
easily be changed for other init systems. |
| 13 |
|
| 14 |
policy/modules/services/postgresql.if | 5 +---- |
| 15 |
1 file changed, 1 insertion(+), 4 deletions(-) |
| 16 |
|
| 17 |
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if |
| 18 |
index 85d430f..11526b6 100644 |
| 19 |
--- a/policy/modules/services/postgresql.if |
| 20 |
+++ b/policy/modules/services/postgresql.if |
| 21 |
@@ -595,10 +595,7 @@ interface(`postgresql_admin',` |
| 22 |
allow $1 postgresql_t:process { ptrace signal_perms }; |
| 23 |
ps_process_pattern($1, postgresql_t) |
| 24 |
|
| 25 |
- init_labeled_script_domtrans($1, postgresql_initrc_exec_t) |
| 26 |
- domain_system_change_exemption($1) |
| 27 |
- role_transition $2 postgresql_initrc_exec_t system_r; |
| 28 |
- allow $2 system_r; |
| 29 |
+ init_startstop_service($1, $2, postgresql_t, postgresql_initrc_exec_t) |
| 30 |
|
| 31 |
admin_pattern($1, postgresql_var_run_t) |
Archives