From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Tue, 1 May 2012 14:53:01 -0400 Subject: [refpolicy] [3/4] sepgsql - Add temporary objects support In-Reply-To: References: Message-ID: <4FA0310D.4090004@tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 03/25/12 17:15, Kohei KaiGai wrote: > This patch adds a special case handling on creation of temporary > schema; "pg_temp". The temporary schema shall be labeled as > "sepgsql_temp_schema" in the default, then underlying objects > also labeled as temporary objects; that allows confined users > to create, drop and so on, even if sepgsql_enable_users_ddl is off. > > In PostgreSQL, all the temporary objects are deployed on "pg_temp" > schema, then they shall be removed at the session end. > Thus, it has no possibility to leak any other entities via references to > the shared database objects, and no need to prevent creation or > deletion of temporary objects by confined domains. [...] > diff --git a/policy/modules/services/postgresql.te > b/policy/modules/services/postgresql.te > index add0cd6..8a3c2bd 100644 > --- a/policy/modules/services/postgresql.te > +++ b/policy/modules/services/postgresql.te > @@ -164,6 +164,22 @@ optional_policy(` > mls_process_set_level(sepgsql_ranged_proc_t) > ') > > +# Types for temporary objects > +type sepgsql_temp_schema_t; > +postgresql_schema_object(sepgsql_temp_schema_t) > + > +type sepgsql_temp_table_t; > +postgresql_table_object(sepgsql_temp_table_t) > + > +type sepgsql_temp_seq_t; > +postgresql_table_object(sepgsql_temp_seq_t) > + > +type sepgsql_temp_view_t; > +postgresql_view_object(sepgsql_temp_view_t) > + > +type sepgsql_temp_proc_exec_t; > +postgresql_procedure_object(sepgsql_temp_proc_exec_t) Why do you have a temp type for each of the object classes? I don't see it gaining anything in the policy and it would be simpler to have a single type. -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com