From: andre@flonatel.org (Andreas Florath)
Date: Sat, 16 Aug 2014 20:25:15 +0200
Subject: [refpolicy] [PATCH 2/2] Also apply the new postgres labeling
 scheme on Debian
In-Reply-To: <53EE7EAE.2000409@flonatel.org>
References: <53EE7EAE.2000409@flonatel.org>
Message-ID: <53EFA20B.1080609@flonatel.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Hello!

Sorry - forgot the 'allow_user_postgresql_connect' bool.
When applying your patch and setting this bool to on, the user can connect (as expected):

-rwxr-xr-x. 1 root root system_u:object_r:bin_t:SystemLow               72288 Jul 24 13:57 createdb
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:SystemLow              507128 Jul 24 13:57 psql

root at debselinux01:~# setsebool -P allow_user_postgresql_connect on
root at debselinux01:~# getsebool allow_user_postgresql_connect
allow_user_postgresql_connect --> on
root at debselinux01:~# logout
Connection to 192.168.122.22 closed.
florath at pelias:~$ ssh -X dummy at 192.168.122.22
dummy at 192.168.122.22's password:
dummy at debselinux01:~$ id -Z
user_u:user_r:user_t:SystemLow
dummy at debselinux01:~$ createdb tst01
dummy at debselinux01:~$ psql tst01
psql (9.4beta2)
Type "help" for help.

tst01=>

Kind regards

Andre