selinux-policy/policy/modules
Chris PeBenito 350ed89156 se-postgresql update from kaigai
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
    db_database:{getattr}
    db_table:{getattr lock}
    db_column:{getattr}
    db_procedure:{drop getattr setattr}
    db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
  impossible to refer read-only table with foreign-key constraint.
  (FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
  on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
  It should allow them on sepgsql_trusted_proc_exec_t.
  I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
  such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
  sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
  procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
  but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
..
admin trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
apps trunk: 4 patches from dan. 2009-03-11 13:32:23 +00:00
kernel trunk: 5 patches from dan. 2009-05-06 14:26:20 +00:00
roles trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
services se-postgresql update from kaigai 2009-05-07 12:35:32 +00:00
system trunk: whitespace fixes. 2009-05-06 14:44:57 +00:00