From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 22 Mar 2011 08:58:42 -0400 Subject: [refpolicy] [PATCH 13/15] Allow postgresql to connect to his unix_stream_socket In-Reply-To: <20110309212516.GA7567@siphos.be> References: <20110309212516.GA7567@siphos.be> Message-ID: <4D889D02.9080507@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 03/09/11 16:25, Sven Vermeulen wrote: > Required in order to start postgresql and test activities with psql command. Sounds like psql needs its own domain. Especially in light of patch 14. > Signed-off-by: Sven Vermeulen > --- > policy/modules/services/postgresql.te | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te > index 8ed5067..77e6ca2 100644 > --- a/policy/modules/services/postgresql.te > +++ b/policy/modules/services/postgresql.te > @@ -205,7 +205,7 @@ allow postgresql_t self:shm create_shm_perms; > allow postgresql_t self:tcp_socket create_stream_socket_perms; > allow postgresql_t self:udp_socket create_stream_socket_perms; > allow postgresql_t self:unix_dgram_socket create_socket_perms; > -allow postgresql_t self:unix_stream_socket create_stream_socket_perms; > +allow postgresql_t self:unix_stream_socket { connectto create_stream_socket_perms }; > allow postgresql_t self:netlink_selinux_socket create_socket_perms; > > allow postgresql_t sepgsql_database_type:db_database *; -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com
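Review bot: the changed `allow postgresql_t self:unix_stream_socket` line adds `connectto` without a comment or denial record showing which process needs it. The description ties the permission both to starting postgresql and to testing with psql, but a `self` rule only covers a process in postgresql_t connecting to a socket owned by postgresql_t, so it helps psql only when the client itself runs in postgresql_t. Suggest stating in the commit message which of the two cases triggers the denial, ideally with the AVC message. If it is the psql client, grant `connectto` from a separate client domain to postgresql_t rather than widening the server's own rule.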