postgresql patch from Dan Walsh

2010-09-01 11:06:38 -04:00 · 2010-09-01 11:06:38 -04:00 · 17759c7326
commit 17759c7326
parent cf872339b2
1 changed files with 2 additions and 2 deletions
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@ -202,9 +202,10 @@ manage_sock_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
 files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
 fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })

+manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
 manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
 manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
-files_pid_filetrans(postgresql_t, postgresql_var_run_t, file)
+files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })

 kernel_read_kernel_sysctls(postgresql_t)
 kernel_read_system_state(postgresql_t)
@ -352,7 +353,6 @@ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
 # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
 dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };

-
 ########################################
 #
 # Rules common to administrator clients