From: russell@coker.com.au (Russell Coker)
Date: Thu, 14 Aug 2014 16:59:55 +1000
Subject: [refpolicy] [PATCH 2/2] Also apply the new postgres labeling scheme on Debian
In-Reply-To: <1407846958-13370-3-git-send-email-aranea@aixah.de>
References: <1407846958-13370-1-git-send-email-aranea@aixah.de> <1407846958-13370-3-git-send-email-aranea@aixah.de>
Message-ID:
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Looks good to me. I don't have a PostgreSQL test machine now so I can't verify it. But I think it's best to apply this and I'll fix Debian later if things break.

As an aside, what's a good design for PostgreSQL testing? Is there anyone who would like to set up a Debian VM for me for the purpose of testing this? I'm going to run a set of Debian VMs to test the most common daemons to avoid regression.

Thanks to the person who offered to set up Nagios for me some weeks ago, I'll take you up on that soon.

On 12 August 2014 10:35:58 PM AEST, Luis Ressel wrote:
>I'm sure this is the right thing to do; however, the Debian developers
>might want to have a say in this, so I made a separate patch.
>--- > policy/modules/services/postgresql.fc | 24 ++++++++++-------------- > 1 file changed, 10 insertions(+), 14 deletions(-) > >diff --git a/policy/modules/services/postgresql.fc >b/policy/modules/services/postgresql.fc >index 78a7464..d3bc4bb 100644 >--- a/policy/modules/services/postgresql.fc >+++ b/policy/modules/services/postgresql.fc 
>@@ -16,20 +16,16 @@ >/usr/lib/pgsql/test/regress(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) >/usr/lib/pgsql/test/regress/pg_regress -- >gen_context(system_u:object_r:postgresql_exec_t,s0) > >-/usr/lib/postgresql(-.*)?/bin/pg_archivecleanup -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/pg_basebackup -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/pg_controldata -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/pg_ctl -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/pg_resetxlog -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/pg_standby -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/pg_upgrade -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/pg_xlogdump -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-/usr/lib/postgresql(-.*)?/bin/postmaster -l gen_context(system_u:object_r:postgresql_exec_t,s0) >- >-ifdef(`distro_debian', ` >-/usr/lib/postgresql/.*/bin/.* -- gen_context(system_u:object_r:postgresql_exec_t,s0) >-') >+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_archivecleanup -- gen_context(system_u:object_r:postgresql_exec_t,s0) >+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_basebackup -- gen_context(system_u:object_r:postgresql_exec_t,s0) >+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_controldata -- gen_context(system_u:object_r:postgresql_exec_t,s0) >+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_ctl -- gen_context(system_u:object_r:postgresql_exec_t,s0) >+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_resetxlog -- gen_context(system_u:object_r:postgresql_exec_t,s0) >+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_standby -- gen_context(system_u:object_r:postgresql_exec_t,s0) 
>+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_upgrade -- gen_context(system_u:object_r:postgresql_exec_t,s0) >+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_xlogdump -- gen_context(system_u:object_r:postgresql_exec_t,s0) >+/usr/lib/postgresql(-.*)?/(.*/)?bin/postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0) >+/usr/lib/postgresql(-.*)?/(.*/)?bin/postmaster -l gen_context(system_u:object_r:postgresql_exec_t,s0) > > ifdef(`distro_redhat', ` >/usr/share/jonas/pgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) -- Sent from my Samsung Galaxy Note 2 with K-9 Mail.
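
Review bot: the removed distro_debian rule, /usr/lib/postgresql/.*/bin/.* with file type --, labeled every regular file in the versioned bin directory as postgresql_exec_t, while the ten added lines only cover the named programs (pg_archivecleanup through postmaster), so on Debian any other file in that directory no longer gets postgresql_exec_t from this file. The commit message should say that this narrowing is intended, and it would help to have the result confirmed on a Debian install before relying on it, since the reply above notes it was not tested there. A second point on the added patterns: in (.*/)? the .* also matches "/", so the optional component can span any number of directories between /usr/lib/postgresql and bin; ([^/]+/)? would restrict it to a single intermediate directory, which is what the removed Debian rule was aimed at.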