2011-07-28 14:55:26

by KaiGai Kohei

Subject: [refpolicy] [bugfix] incorrect type_transition on database objects

Hi,

The attached patch fixes incorrect type_transition on database objects.

Since older versions define the db_table and db_procedure classes under
the db_database class without a db_schema class, I failed to update the
type_transition rules corresponding to postgresql_t (it is not an often-used rule).

In addition, I also found a misconfiguration when sepgsql_admin_type
tries to create a view object. Its type_transition rule should be defined
under the sepgsql_schema_type, not sepgsql_view_type.

Lastly, I marked unused type_transition rules as deprecated.
They perhaps ought to be eliminated in the near future.
(E.g., pgsql-v9.1 is released with the sepgsql feature)

Thanks,
--
KaiGai Kohei <[email protected]>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: refpolicy-sepgsql-bugfix-v1.patch
Type: application/octet-stream
Size: 3885 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110728/7dc00ec8/attachment.obj
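
The attachment is not preserved in the archive, so as an added illustration (not part of the thread and not the patch itself), here is a small lint for the class of mistake the message describes: a type_transition rule for a database object whose target type does not label that object's container class. The sample rules are constructed, the `example_*_t` default types are placeholders, and the attribute-to-class mapping (including `sepgsql_database_type`) is an assumption based on the attribute names.

```python
import re

# Container class of each database object class, as the message describes:
# tables, procedures and views are created under a schema, not the database.
PARENT_CLASS = {
    "db_schema": "db_database",
    "db_table": "db_schema",
    "db_procedure": "db_schema",
    "db_view": "db_schema",
}

# Assumption: the object class each type attribute labels, inferred from its name.
LABELS = {
    "sepgsql_database_type": "db_database",
    "sepgsql_schema_type": "db_schema",
    "sepgsql_view_type": "db_view",
}

# type_transition <source> <target>:<class> <default>;
RULE = re.compile(r"^\s*type_transition\s+(\S+)\s+(\S+?)\s*:\s*(\S+)\s+(\S+?)\s*;")

def misplaced_transitions(policy_text):
    """Return (source, target, class, wanted_parent_class) for each rule whose
    target type does not label the container class of the object being created."""
    findings = []
    for line in policy_text.splitlines():
        m = RULE.match(line.split("#", 1)[0])  # ignore trailing comments
        if not m:
            continue
        source, target, tclass, _default = m.groups()
        wanted = PARENT_CLASS.get(tclass)
        if wanted is None:  # not a class this check knows about
            continue
        if LABELS.get(target) != wanted:
            findings.append((source, target, tclass, wanted))
    return findings

# Constructed sample; the default types (last field) are placeholders.
SAMPLE = """
type_transition postgresql_t sepgsql_database_type:db_table example_table_t;
type_transition postgresql_t sepgsql_database_type:db_procedure example_proc_t;
type_transition sepgsql_admin_type sepgsql_view_type:db_view example_view_t;
type_transition sepgsql_admin_type sepgsql_schema_type:db_view example_view_t;
type_transition postgresql_t sepgsql_database_type:db_schema example_schema_t;
"""

if __name__ == "__main__":
    for source, target, tclass, wanted in misplaced_transitions(SAMPLE):
        print(f"{source}: {tclass} rule targets {target}, expected a {wanted} type")
```

A rule keyed on the wrong parent type never matches when the object is created, so the new object silently falls back to the default label instead of the intended one.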


2011-07-29 12:42:57

by cpebenito

Subject: [refpolicy] [bugfix] incorrect type_transition on database objects

On 07/28/11 10:55, Kohei KaiGai wrote:
> The attached patch fixes incorrect type_transition on database objects.
>
> Since older versions define the db_table and db_procedure classes under
> the db_database class without a db_schema class, I failed to update the
> type_transition rules corresponding to postgresql_t (it is not an often-used rule).
>
> In addition, I also found a misconfiguration when sepgsql_admin_type
> tries to create a view object. Its type_transition rule should be defined
> under the sepgsql_schema_type, not sepgsql_view_type.
>
> Lastly, I marked unused type_transition rules as deprecated.
> They perhaps ought to be eliminated in the near future.
> (E.g., pgsql-v9.1 is released with the sepgsql feature)

Merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com