rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Tunable, optional and if(n)def blocks go below.

Browse Source 
Tunable, optional and if(n)def blocks go below.
This commit is contained in:
Dominick Grift 2010-09-20 19:50:51 +02:00
parent 30bbb6a533
commit b46b3ad67f
1 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
policy/modules/services/postgresql.if
View File

@ -45,14 +45,6 @@ interface(`postgresql_role',`
# Client local policy
#
tunable_policy(`sepgsql_enable_users_ddl',`
allow $2 user_sepgsql_table_t:db_table { create drop setattr };
allow $2 user_sepgsql_table_t:db_column { create drop setattr };
allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
')
allow $2 user_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };
allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete };
@ -69,6 +61,14 @@ interface(`postgresql_role',`
allow $2 sepgsql_trusted_proc_t:process transition;
type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
tunable_policy(`sepgsql_enable_users_ddl',`
allow $2 user_sepgsql_table_t:db_table { create drop setattr };
allow $2 user_sepgsql_table_t:db_column { create drop setattr };
allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
')
')
########################################
@ -358,13 +358,6 @@ interface(`postgresql_unpriv_client',`
type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
allow $1 sepgsql_trusted_proc_t:process transition;
tunable_policy(`sepgsql_enable_users_ddl',`
allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
')
allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert };
allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete };
@ -378,6 +371,13 @@ interface(`postgresql_unpriv_client',`
allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export };
type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t;
tunable_policy(`sepgsql_enable_users_ddl',`
allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
')
')
########################################