postgresql patch from Dan Walsh
parent
cf872339b2
commit
17759c7326
@ -202,9 +202,10 @@ manage_sock_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
|
|||||||
files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
|
files_tmp_filetrans(postgresql_t, postgresql_tmp_t, { dir file sock_file })
|
||||||
fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
|
fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file fifo_file })
|
||||||
|
|
||||||
|
manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
||||||
manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
||||||
manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
|
||||||
files_pid_filetrans(postgresql_t, postgresql_var_run_t, file)
|
files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })
|
||||||
|
|
||||||
kernel_read_kernel_sysctls(postgresql_t)
|
kernel_read_kernel_sysctls(postgresql_t)
|
||||||
kernel_read_system_state(postgresql_t)
|
kernel_read_system_state(postgresql_t)
|
||||||
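Review bot: The added `manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)` and the widened `files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })` carry no comment saying which directory the daemon needs to create, so a later reader cannot tell whether the extra directory permissions are still required. I would add a line above them such as `# postgresql creates its own directory under the pid directory (path: <PID_SUBDIR>)`, with the real path filled in. The type transition only labels objects at creation time, so the module's file-context entry for that directory should also map it to postgresql_var_run_t; otherwise a relabel would presumably return it to the generic pid type and the daemon would lose access. The file-context file is not shown on this page, so this needs confirming alongside the change.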
@ -352,7 +353,6 @@ allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
|
|||||||
# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
|
# Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
|
||||||
dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
|
dontaudit { postgresql_t sepgsql_admin_type sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
|
||||||
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
#
|
#
|
||||||
# Rules common to administrator clients
|
# Rules common to administrator clients
|
||||||
|