selinux-policy/policy
Chris PeBenito e0ea7b15ca trunk:
The attached patch fixes incorrect behavior in sepgsql_enable_users_ddl.

The current policy allows users/unprivs to run ALTER TABLE statements
unconditionally, because db_table/db_column:{setattr} is allowed outside
of the boolean. It should be moved to the conditional section.

In addition, they are also allowed db_procedure:{create drop setattr}
for xxxx_sepgsql_proc_exec_t, but it means we allow them to create, drop
or alter the definition of the functions unconditionally. So it should
also be moved to the conditional section.

The postgresql.te allows sepgsql_client_type to modify sepgsql_table_t
and sepgsql_sysobj_t when sepgsql_enable_users_ddl is enabled, but
it should not be allowed.

KaiGai Kohei
2009-05-21 11:49:33 +00:00
flask se-postgresql update from kaigai 2009-05-07 12:35:32 +00:00
modules trunk: 2009-05-21 11:49:33 +00:00
support trunk: add open perm to sock_file. 2009-03-11 14:58:03 +00:00
constraints trunk: fix role change constraint. 2008-12-03 20:16:08 +00:00
global_booleans trunk: merge strict and targeted policies. merge shlib_t into lib_t. 2007-10-02 16:04:50 +00:00
global_tunables trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
mcs se-postgresql update from kaigai 2009-05-07 12:35:32 +00:00
mls se-postgresql update from kaigai 2009-05-07 12:35:32 +00:00
policy_capabilities trunk: Enable network_peer_controls policy capability from Paul Moore. 2009-02-03 15:45:30 +00:00
rolemap trunk: merge UBAC. 2008-11-05 16:10:46 +00:00
users trunk: drop workaround rules. 2008-07-02 12:17:38 +00:00