e0ea7b15ca
The attached patch fixes incorrect behavior in sepgsql_enable_users_ddl. The current policy allows users/unprivs to run ALTER TABLE statements unconditionally, because db_table/db_column:{setattr} is allowed outside of the boolean. It should be moved to the conditional section. In addition, they are also allowed db_procedure:{create drop setattr} for xxxx_sepgsql_proc_exec_t, but it means we allow them to create, drop or alter the definition of functions unconditionally. So it should also be moved to the conditional section. The postgresql.te allows sepgsql_client_type to modify sepgsql_table_t and sepgsql_sysobj_t when sepgsql_enable_users_ddl is enabled, but it should not be allowed.

KaiGai Kohei
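As an added illustration of the policy change the message describes (not the attached patch itself), here is the shape of the fix in refpolicy syntax: the DDL permissions that were granted by unconditional `allow` rules are moved into the `tunable_policy` block for `sepgsql_enable_users_ddl`. The per-user table type `xxxx_sepgsql_table_t` is a placeholder following the message's `xxxx_` convention, and the exact rule bodies are assumed.

```selinux
# Before (weak): every sepgsql client may ALTER tables/columns and
# create/drop/alter functions whether or not the boolean is enabled,
# because these rules sit outside any tunable_policy block.
allow sepgsql_client_type sepgsql_table_t:db_table setattr;
allow sepgsql_client_type sepgsql_table_t:db_column setattr;
allow sepgsql_client_type xxxx_sepgsql_proc_exec_t:db_procedure { create drop setattr };

# After: DDL is granted only while the boolean is on, and only on the
# user's own objects. xxxx_sepgsql_table_t is an assumed placeholder for
# the per-user table type; sepgsql_table_t and sepgsql_sysobj_t are
# deliberately NOT listed, so sepgsql_client_type cannot modify them
# even when the boolean is enabled.
gen_tunable(sepgsql_enable_users_ddl, false)

tunable_policy(`sepgsql_enable_users_ddl',`
	allow sepgsql_client_type xxxx_sepgsql_table_t:db_table { create drop setattr };
	allow sepgsql_client_type xxxx_sepgsql_table_t:db_column { create drop setattr };
	allow sepgsql_client_type xxxx_sepgsql_proc_exec_t:db_procedure { create drop setattr };
')
```

To check a loaded policy for the original defect, `sesearch -A -s sepgsql_client_type -c db_table -p setattr` lists the matching allow rules; a correctly conditioned rule is printed with its `[ sepgsql_enable_users_ddl ]` guard, while a rule with no guard is still unconditional.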