From: kaigai@kaigai.gr.jp (Kohei KaiGai) Date: Fri, 4 May 2012 15:14:12 +0200 Subject: [refpolicy] [3/4] sepgsql - Add temporary objects support In-Reply-To: <4FA0310D.4090004@tresys.com> References: <4FA0310D.4090004@tresys.com> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com 2012/5/1 Christopher J. PeBenito : > On 03/25/12 17:15, Kohei KaiGai wrote: >> This patch adds a special case handling on creation of temporary >> schema; "pg_temp". The temporary schema shall be labeled as >> "sepgsql_temp_schema" in the default, then underlying objects >> also labeled as temporary objects; that allows confined users >> to create, drop and so on, even if sepgsql_enable_users_ddl is off. >> >> In PostgreSQL, all the temporary objects are deployed on "pg_temp" >> schema, then they shall be removed at the session end. >> Thus, it has no possibility to leak any other entities via references to >> the shared database objects, and no need to prevent creation or >> deletion of temporary objects by confined domains. > [...] > >> diff --git a/policy/modules/services/postgresql.te >> b/policy/modules/services/postgresql.te >> index add0cd6..8a3c2bd 100644 >> --- a/policy/modules/services/postgresql.te >> +++ b/policy/modules/services/postgresql.te >> @@ -164,6 +164,22 @@ optional_policy(` >> ? ? ? mls_process_set_level(sepgsql_ranged_proc_t) >> ?') >> >> +# Types for temporary objects >> +type sepgsql_temp_schema_t; >> +postgresql_schema_object(sepgsql_temp_schema_t) >> + >> +type sepgsql_temp_table_t; >> +postgresql_table_object(sepgsql_temp_table_t) >> + >> +type sepgsql_temp_seq_t; >> +postgresql_table_object(sepgsql_temp_seq_t) >> + >> +type sepgsql_temp_view_t; >> +postgresql_view_object(sepgsql_temp_view_t) >> + >> +type sepgsql_temp_proc_exec_t; >> +postgresql_procedure_object(sepgsql_temp_proc_exec_t) > > Why do you have a temp type for each of the object classes? > ?I don't see it gaining anything in the policy and it would be simpler to have a single type. > I agree with your opinion. See the attached patch. It defines sepgsql_temp_object_t for all the temporary objects being constructed on "pg_temp" schema. The temporary schema itself shall be also labeled as "sepgsql_temp_object_t" to avoid increasing of unnecessary type_transition rules for each underlying object classes. Thanks, -- KaiGai Kohei -------------- next part -------------- A non-text attachment was scrubbed... Name: refpolicy-sepgsql-3of4-temp-database-objects.20120502.patch Type: application/octet-stream Size: 6461 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20120504/ffedac9c/attachment.obj