http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
Add _admin interface
Type for init script,
And I believe a couple of transitions to be to proc_t not proc_exec_t
Added a transition on creation of sock_file
Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
>
> Add _admin interface
> Type for init script,
>
> And I believe a couple of transitions to be to proc_t not proc_exec_t
In the latest refpolicy, sepgsql_proc_t is an alias of sepgsql_proc_exec_t.
Other procedure types also have xxxx_sepgsql_proc_exec_t, so it should
follow the convention.
Thanks,
--
KaiGai Kohei <[email protected]>
On 05/22/2009 10:51 AM, KaiGai Kohei wrote:
> Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
>>
>>
>> Add _admin interface
>> Type for init script,
>>
>> And I believe a couple of transitions to be to proc_t not proc_exec_t
>
> In the latest refpolicy, sepgsql_proc_t is an alias of sepgsql_proc_exec_t.
> Other procedure types also have xxxx_sepgsql_proc_exec_t, so it should
> follow the convention.
>
> Thanks,
ok. Did not make much sense to me, you are creating executables?
Daniel J Walsh wrote:
> On 05/22/2009 10:51 AM, KaiGai Kohei wrote:
>> Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
>>>
>>>
>>>
>>> Add _admin interface
>>> Type for init script,
>>>
>>> And I believe a couple of transitions to be to proc_t not proc_exec_t
>>
>> In the latest refpolicy, sepgsql_proc_t is an alias of
>> sepgsql_proc_exec_t.
>> Other procedure types also have xxxx_sepgsql_proc_exec_t, so it should
>> follow the convention.
>>
>> Thanks,
>
> ok. Did not make much sense to me, you are creating executables?
Yes, db_procedure class objects are executable stuff.
We assume xxxx_proc_exec_t types are assigned to SQL procedures.
SQL procedures are invoked and executed as a part of SQL query,
and some of them (with sepgsql_trusted_proc_exec_t) can cause
domain transition during execution of the procedure.
It is an analogy of executable programs in database.
Thanks,
--
KaiGai Kohei <[email protected]>