postgresql patch from Dan Walsh:

"File context for /etc/sysconfig/pgsql and other bugs.
Sends audit messages connect to posgresql_server port
Reads its own process info"

Moved signal interface for style.

policy/modules/services/postgresql.fc

@@ -3,6 +3,7 @@
 #
 /etc/postgresql(/.*)?			gen_context(system_u:object_r:postgresql_etc_t,s0)
 /etc/rc\.d/init\.d/(se)?postgresql --	gen_context(system_u:object_r:postgresql_initrc_exec_t,s0)
+/etc/sysconfig/pgsql(/.*)? 		gen_context(system_u:object_r:postgresql_etc_t,s0)
 
 #
 # /usr
@@ -10,9 +11,8 @@
 /usr/bin/initdb(\.sepgsql)?	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
 /usr/bin/(se)?postgres		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
 
-/usr/lib/pgsql/test/regres(/.*)?	gen_context(system_u:object_r:postgresql_db_t,s0)
+/usr/lib(64)?/pgsql/test/regress(/.*)?	gen_context(system_u:object_r:postgresql_db_t,s0)
-/usr/lib/pgsql/test/regress/pg_regress -- gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib(64)?/pgsql/test/regress/pg_regress -- gen_context(system_u:object_r:postgresql_exec_t,s0)
-
 /usr/lib(64)?/postgresql/bin/.* --	gen_context(system_u:object_r:postgresql_exec_t,s0)
 
 ifdef(`distro_debian', `
@@ -44,3 +44,5 @@ ifdef(`distro_redhat', `
 ')
 
 /var/run/postgresql(/.*)?		gen_context(system_u:object_r:postgresql_var_run_t,s0)
+
+/var/run/postmaster.*			gen_context(system_u:object_r:postgresql_var_run_t,s0)

policy/modules/services/postgresql.if

@@ -235,6 +235,23 @@ interface(`postgresql_domtrans',`
 	domtrans_pattern($1, postgresql_exec_t, postgresql_t)
 ')
 
+######################################
+## <summary>
+##	Allow domain to signal postgresql
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`postgresql_signal',`
+	gen_require(`
+		type postgresql_t;
+	')
+	allow $1 postgresql_t:process signal;
+')
+
 ########################################
 ## <summary>
 ##	Allow the specified domain to read postgresql's etc.

policy/modules/services/postgresql.te

@@ -150,6 +150,7 @@ allow postgresql_t self:capability { kill dac_override dac_read_search chown fow
 dontaudit postgresql_t self:capability { sys_tty_config sys_admin };
 allow postgresql_t self:process signal_perms;
 allow postgresql_t self:fifo_file rw_fifo_file_perms;
+allow postgresql_t self:file { getattr read };
 allow postgresql_t self:sem create_sem_perms;
 allow postgresql_t self:shm create_shm_perms;
 allow postgresql_t self:tcp_socket create_stream_socket_perms;
@@ -220,9 +221,11 @@ corenet_tcp_sendrecv_generic_node(postgresql_t)
 corenet_udp_sendrecv_generic_node(postgresql_t)
 corenet_tcp_sendrecv_all_ports(postgresql_t)
 corenet_udp_sendrecv_all_ports(postgresql_t)
+corenet_udp_bind_generic_node(postgresql_t)
 corenet_tcp_bind_generic_node(postgresql_t)
 corenet_tcp_bind_postgresql_port(postgresql_t)
 corenet_tcp_connect_auth_port(postgresql_t)
+corenet_tcp_connect_postgresql_port(postgresql_t)
 corenet_sendrecv_postgresql_server_packets(postgresql_t)
 corenet_sendrecv_auth_client_packets(postgresql_t)
 
@@ -253,11 +256,12 @@ files_search_etc(postgresql_t)
 files_read_etc_runtime_files(postgresql_t)
 files_read_usr_files(postgresql_t)
 
-auth_use_nsswitch(postgresql_t)
+auth_use_pam(postgresql_t)
 
 init_read_utmp(postgresql_t)
 
 logging_send_syslog_msg(postgresql_t)
+logging_send_audit_msgs(postgresql_t)
 
 miscfiles_read_localization(postgresql_t)