From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 27 May 2015 14:51:21 -0400
Subject: [refpolicy] [PATCH 2/2] postgresql: use init_startstop_service
 in _admin interface
In-Reply-To: <1432546436-17885-2-git-send-email-jason@perfinion.com>
References: <1432546436-17885-1-git-send-email-jason@perfinion.com>
	<1432546436-17885-2-git-send-email-jason@perfinion.com>
Message-ID: <55661229.8020202@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 5/25/2015 5:33 AM, Jason Zaman wrote:
> The postgresql_admin interfaces had rules for RedHat sysvinit. This
> replaces them with the interface init_startstop_service which can
> easily be changed for other init systems.

Merged.


> ---
>  policy/modules/services/postgresql.if | 5 +----
>  1 file changed, 1 insertion(+), 4 deletions(-)
> 
> diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
> index 9d2f311..60395e7 100644
> --- a/policy/modules/services/postgresql.if
> +++ b/policy/modules/services/postgresql.if
> @@ -577,10 +577,7 @@ interface(`postgresql_admin',`
>  	allow $1 postgresql_t:process { ptrace signal_perms };
>  	ps_process_pattern($1, postgresql_t)
>  
> -	init_labeled_script_domtrans($1, postgresql_initrc_exec_t)
> -	domain_system_change_exemption($1)
> -	role_transition $2 postgresql_initrc_exec_t system_r;
> -	allow $2 system_r;
> +	init_startstop_service($1, $2, postgresql_t, postgresql_initrc_exec_t)
>  
>  	admin_pattern($1, postgresql_var_run_t)
>  
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com