diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc
index d91cd035..f03fad48 100644
--- a/policy/modules/services/postgresql.fc
+++ b/policy/modules/services/postgresql.fc
@@ -3,6 +3,7 @@
 #
 /etc/postgresql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0)
 /etc/rc\.d/init\.d/(se)?postgresql -- gen_context(system_u:object_r:postgresql_initrc_exec_t,s0)
+/etc/sysconfig/pgsql(/.*)? gen_context(system_u:object_r:postgresql_etc_t,s0)
 
 #
 # /usr
@@ -10,9 +11,8 @@
 /usr/bin/initdb(\.sepgsql)? -- gen_context(system_u:object_r:postgresql_exec_t,s0)
 /usr/bin/(se)?postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0)
 
-/usr/lib/pgsql/test/regres(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
-/usr/lib/pgsql/test/regress/pg_regress -- gen_context(system_u:object_r:postgresql_exec_t,s0)
-
+/usr/lib(64)?/pgsql/test/regress(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
+/usr/lib(64)?/pgsql/test/regress/pg_regress -- gen_context(system_u:object_r:postgresql_exec_t,s0)
 /usr/lib(64)?/postgresql/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0)
 
 ifdef(`distro_debian', `
@@ -44,3 +44,5 @@ ifdef(`distro_redhat', `
 ')
 
 /var/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0)
+
+/var/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0)
diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
index 54ea7090..28d6d685 100644
--- a/policy/modules/services/postgresql.if
+++ b/policy/modules/services/postgresql.if
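Review bot: The new `/var/run/postmaster.*` entry in the last hunk of postgresql.fc carries no object-class specifier and its first `.` is an unescaped wildcard, so (file_contexts patterns being anchored at both ends) it labels any file, socket or directory tree under /var/run whose name starts with `postmaster`, not just a `postmaster.pid`-style file. If only the pid/lock files are meant, `/var/run/postmaster\..* -- gen_context(system_u:object_r:postgresql_var_run_t,s0)` would be the tighter spelling; if the wide match is deliberate (presumably to cover per-port names), a one-line `#` comment above the entry saying so would spare the next reader the same question. The two earlier hunks (the `/etc/sysconfig/pgsql` entry and the `regres` to `regress` / `lib(64)?` fix) look fine as written.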
@@ -235,6 +235,23 @@ interface(`postgresql_domtrans',`
 domtrans_pattern($1, postgresql_exec_t, postgresql_t)
 ')
 
+######################################
+##
+## Allow domain to signal postgresql
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`postgresql_signal',`
+ gen_require(`
+ type postgresql_t;
+ ')
+ allow $1 postgresql_t:process signal;
+')
+
 ########################################
 ##
 ## Allow the specified domain to read postgresql's etc.
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index 0b3eda99..7725610f 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -150,6 +150,7 @@ allow postgresql_t self:capability { kill dac_override dac_read_search chown fow
 dontaudit postgresql_t self:capability { sys_tty_config sys_admin };
 allow postgresql_t self:process signal_perms;
 allow postgresql_t self:fifo_file rw_fifo_file_perms;
+allow postgresql_t self:file { getattr read };
 allow postgresql_t self:sem create_sem_perms;
 allow postgresql_t self:shm create_shm_perms;
 allow postgresql_t self:tcp_socket create_stream_socket_perms;
@@ -220,9 +221,11 @@ corenet_tcp_sendrecv_generic_node(postgresql_t)
 corenet_udp_sendrecv_generic_node(postgresql_t)
 corenet_tcp_sendrecv_all_ports(postgresql_t)
 corenet_udp_sendrecv_all_ports(postgresql_t)
+corenet_udp_bind_generic_node(postgresql_t)
 corenet_tcp_bind_generic_node(postgresql_t)
 corenet_tcp_bind_postgresql_port(postgresql_t)
 corenet_tcp_connect_auth_port(postgresql_t)
+corenet_tcp_connect_postgresql_port(postgresql_t)
 corenet_sendrecv_postgresql_server_packets(postgresql_t)
 corenet_sendrecv_auth_client_packets(postgresql_t)
 
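Review bot: The parameter summary of the new `postgresql_signal` interface says `Domain to not audit.` although the body is an `allow` rule rather than a `dontaudit`, so the generated interface documentation will describe the wrong contract; the line should read `##	Domain allowed access.` as the allow-style interfaces in this file do. Two smaller style points in the same hunk: the new header rule (`######################################`) is shorter than the 40-character rule of the neighbouring block visible in the context, and the body runs the `allow` straight after the `gen_require` block without the blank line the usual refpolicy layout puts there.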
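Review bot: `allow postgresql_t self:file { getattr read };` in the @@ -150 hunk of postgresql.te is added with no comment saying which files carrying the domain's own type PostgreSQL reads; presumably this is the process's own /proc/<pid> entries, but the rule does not say so. A why-comment above the line, e.g. `# read own /proc entries` (confirm against the denial that motivated the change), would let a later reviewer judge whether the permission is still needed without re-deriving it.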
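Review bot: `corenet_udp_bind_generic_node(postgresql_t)` and `corenet_tcp_connect_postgresql_port(postgresql_t)` in the @@ -220 hunk widen the server's network permissions — UDP socket binds, and outbound TCP connections to its own port type — without a comment stating what the server needs them for, and neither is obviously implied by the surrounding TCP-server rules. If I read the corenet layering right, the UDP node bind is not paired with any `corenet_udp_bind_*_port` rule in this hunk, so it would only cover ports that are not subject to a `name_bind` check; it is worth confirming that is the intended scope. A short why-comment on each new line, or the motivating denial quoted above them, would make both changes reviewable later.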
@@ -253,11 +256,12 @@ files_search_etc(postgresql_t)
 files_read_etc_runtime_files(postgresql_t)
 files_read_usr_files(postgresql_t)
 
-auth_use_nsswitch(postgresql_t)
+auth_use_pam(postgresql_t)
 
 init_read_utmp(postgresql_t)
 
 logging_send_syslog_msg(postgresql_t)
+logging_send_audit_msgs(postgresql_t)
 
 miscfiles_read_localization(postgresql_t)