* gentoo diff for postgresql
@ 2004-11-15 15:58 petre rodan
2004-11-18 19:50 ` James Carter
0 siblings, 1 reply; 2+ messages in thread
From: petre rodan @ 2004-11-15 15:58 UTC (permalink / raw)
To: selinux
[-- Attachment #1.1: Type: text/plain, Size: 169 bytes --]
Hi,
a diff that handles the gentoo init scripts and the location of database files.
bye,
peter
--
petre rodan
<kaiowas@gentoo.org>
Developer,
Hardened Gentoo Linux
[-- Attachment #1.2: selinux-postgresql.diff --]
[-- Type: text/plain, Size: 1302 bytes --]
--- /root/public_html/policy/nsa/file_contexts/program/postgresql.fc 2004-10-21 12:56:53.000000000 +0300
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/postgresql/postgresql.fc 2004-10-28 11:48:44.000000000 +0300
@@ -12,7 +12,7 @@
/usr/bin/pg_id -- system_u:object_r:postgresql_exec_t
/usr/bin/pg_restore -- system_u:object_r:postgresql_exec_t
-/var/lib/postgres(/.*)? system_u:object_r:postgresql_db_t
+/var/lib/postgres(ql)?(/.*)? system_u:object_r:postgresql_db_t
/var/lib/pgsql(/.*)? system_u:object_r:postgresql_db_t
/var/run/postgresql(/.*)? system_u:object_r:postgresql_var_run_t
/etc/postgresql(/.*)? system_u:object_r:postgresql_etc_t
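Review bot: The widened pattern on the /var/lib/postgres line, (ql)?, is applied unconditionally, whereas the Gentoo-specific rules in postgresql.te in this same patch are wrapped in distro_gentoo. If /var/lib/postgresql is only the Gentoo location, a one-line comment above the entry naming the layout that uses it would help later readers. If it is meant to apply everywhere, say so in the submission so the broader labeling is a deliberate choice. The entry also sits next to the /var/lib/pgsql line with the same context, so keeping the three data-directory paths grouped and documented together would make the intent clearer.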
--- /root/public_html/policy/nsa/domains/program/unused/postgresql.te 2004-10-12 12:32:18.000000000 +0300
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/postgresql/postgresql.te 2004-10-28 11:48:12.000000000 +0300
@@ -108,3 +108,11 @@
dontaudit postgresql_t selinux_config_t:dir { search };
allow postgresql_t mail_spool_t:dir { search };
rw_dir_create_file(postgresql_t, var_lock_t)
+
+ifdef(`distro_gentoo', `
+# "su - postgres ..." is called from initrc_t
+allow initrc_su_t postgresql_db_t:dir { search };
+allow postgresql_t initrc_su_t:process { sigchld };
+dontaudit initrc_su_t sysadm_devpts_t:chr_file rw_file_perms;
+')
+
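Review bot: The dontaudit on initrc_su_t sysadm_devpts_t:chr_file rw_file_perms has no comment of its own, and neither type in it is a postgresql type, so it is not obvious why it lives in postgresql.te. The existing comment about "su - postgres ..." explains the two allow rules but not why read/write denials on the admin's pty should be silenced. Please add a line saying which denial it hides, and consider moving it to where initrc_su_t is defined so other init scripts that call su get the same treatment. A short note on why initrc_su_t needs search on postgresql_db_t:dir would also make that allow rule easier to audit later. Minor: the hunk ends with an added blank line after the closing quote of the ifdef, which can be dropped.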
* Re: gentoo diff for postgresql
2004-11-15 15:58 gentoo diff for postgresql petre rodan
@ 2004-11-18 19:50 ` James Carter
0 siblings, 0 replies; 2+ messages in thread
From: James Carter @ 2004-11-18 19:50 UTC (permalink / raw)
To: petre rodan; +Cc: SELinux
Merged.
On Mon, 2004-11-15 at 10:58, petre rodan wrote:
> Hi,
>
> a diff that handles the gentoo init scripts and the location of database files.
>
> bye,
> peter
--
James Carter <jwcart2@epoch.ncsc.mil>
National Security Agency