From: KaiGai Kohei <kaigai@kaigai.gr.jp>
To: selinux@tycho.nsa.gov
Cc: cpebenito@tresys.com
Subject: Re: [ANN] SE-PostgreSQL 8.2.3-1.0 alpha release
Date: Mon, 05 Mar 2007 23:41:20 +0900
Message-ID: <45EC2C10.6050603@kaigai.gr.jp>
In-Reply-To: <45EC0D21.2070706@kaigai.gr.jp>

[-- Attachment #1: Type: text/plain, Size: 801 bytes --]

Hello,

The attached patch adds new object classes, access vectors and
booleans related to database.
SE-PostgreSQL uses them to manage the various kinds of database
objects such as tables, columns, tuples and so on.

Most of the security policies are provided as a binary security
policy within the RPM package. But it requires the definition of new
object classes, access vectors and booleans in the base policy.

Please apply it.

BTW, SE-PostgreSQL does 'semodule -i' in the %post section of the RPM
installation script after verifying whether an older version
of sepostgresql.pp has already been installed or not.
I think the description of the script could become easier if semodule
had an 'install or upgrade if an older version was installed' option.
How about the idea?
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>

[-- Attachment #2: policy-sepgsql.patch --]
[-- Type: text/x-patch, Size: 3612 bytes --]

Index: refpolicy/policy/flask/security_classes
===================================================================
--- refpolicy/policy/flask/security_classes	(revision 2204)
+++ refpolicy/policy/flask/security_classes	(working copy)
@@ -97,4 +97,12 @@
 
 class dccp_socket
 
+# SE-PostgreSQL relation
+class database			# userspace
+class table			# userspace
+class procedure			# userspace
+class column			# userspace
+class tuple			# userspace
+class blob			# userspace
+
 # FLASK
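
Review bot: the comment `# SE-PostgreSQL relation` on the first added line is misleading, since in PostgreSQL a "relation" means a table specifically, while the block also declares database, procedure, column, tuple and blob classes; reword it to `# SE-PostgreSQL database objects (userspace)`. Appending the six classes at the end of the file, after `class dccp_socket` and before the `# FLASK` terminator, is the right placement: class numbering in this file is positional and must match the kernel's own class list, so inserting them earlier would renumber the existing kernel classes.
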
Index: refpolicy/policy/flask/access_vectors
===================================================================
--- refpolicy/policy/flask/access_vectors	(revision 2204)
+++ refpolicy/policy/flask/access_vectors	(working copy)
@@ -80,6 +80,20 @@
 }
 
 #
+#  Define a common prefix for userspace database object access vectors.
+#
+
+common database
+{
+	create
+	drop
+	getattr
+	setattr
+	relabelfrom
+	relabelto
+}
+
+#
 # Define the access vectors.
 #
 # class class_name [ inherits common_name ] { permission_name ... }
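
Review bot: the common is named `database`, the same name as the class that inherits it in the next hunk; a common and a class may share a name, so that is fine, but the comment should say which objects the common is meant for, because `class tuple` later redeclares `relabelfrom`/`relabelto` instead of inheriting it. Suggest: `# Common permissions for SE-PostgreSQL schema objects (database, table, procedure, column, blob); tuples are defined separately.` Also, `getattr`/`setattr` have no stated meaning for a database object (owner? comment? ACL?); a one-line comment on each would help policy writers.
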
@@ -648,3 +662,58 @@
 	node_bind
 	name_connect
 }
+
+# definition for SE-PostgreSQL
+class database
+inherits database
+{
+	access
+	install_module
+	load_module
+	get_param
+	set_param
+}
+
+class table
+inherits database
+{
+	select
+	update
+	insert
+	delete
+	lock
+}
+
+class procedure
+inherits database
+{
+	execute
+	entrypoint
+}
+
+class column
+inherits database
+{
+	select
+	update
+	insert
+}
+
+class tuple
+{
+	relabelfrom
+	relabelto
+	select
+	update
+	insert
+	delete
+}
+
+class blob
+inherits database
+{
+	read
+	write
+	import
+	export
+}
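
Review bot: `class tuple` is the only new class that does not `inherits database`, yet it repeats `relabelfrom` and `relabelto` from the common. If this is deliberate (a row has no `create`/`drop`/`getattr`/`setattr`; it is created with `insert` and removed with `delete`), say so in a comment above the class; otherwise inherit the common like the others so the permission sets stay uniform. Two documentation points as well: `access` on `class database` and `entrypoint` on `class procedure` are not self-explanatory (presumably "connect to the database" and "procedure usable as an entry point for a domain transition"), so a short comment on each would save readers guessing, and the header `# definition for SE-PostgreSQL` should read `# SE-PostgreSQL access vectors`.
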
Index: refpolicy/policy/mcs
===================================================================
--- refpolicy/policy/mcs	(revision 2204)
+++ refpolicy/policy/mcs	(working copy)
@@ -98,4 +98,28 @@
 mlsconstrain process { sigkill sigstop }
 	(( h1 dom h2 ) or ( t1 == mcskillall ));
 
+# MCS policy for SE-PostgreSQL
+#-------------------------------
+
+# Any database object must be dominated by the relabeling subject
+# clearance, also the objects are single-level.
+mlsconstrain { database table procedure column blob } { create relabelto }
+	((h1 dom h2) and ( l1 domby h2 ) and ( l2 eq h2 ));
+mlsconstrain tuple { insert relabelto }
+	(( h1 dom h2 ) and ( l1 domby h2 ) and ( l2 eq h2 ));
+
+# Access control for any database objects based on MCS rules.
+mlsconstrain database { drop setattr relabelfrom access install_module load_module get_param set_param }
+	( h1 dom h2 );
+mlsconstrain table { drop setattr relabelfrom select update insert delete }
+	( h1 dom h2 );
+mlsconstrain column { drop setattr relabelfrom select update insert }
+	( h1 dom h2 );
+mlsconstrain tuple { relabelfrom select update delete }
+	( h1 dom h2 );
+mlsconstrain procedure { execute }
+	( h1 dom h2 );
+mlsconstrain blob { drop setattr relabelfrom read write }
+	( h1 dom h2 );
+
 ') dnl end enable_mcs
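
Review bot: `mlsconstrain procedure { execute }` omits `drop setattr relabelfrom`, although every other new class (database, table, column, blob) has those three permissions constrained by `( h1 dom h2 )` and `procedure` inherits them from the common in access_vectors; unless procedures are intentionally exempt from MCS on metadata changes and removal, add them: `mlsconstrain procedure { drop setattr relabelfrom execute }`. Minor: the first constraint writes `((h1 dom h2) and ( l1 domby h2 )` while the second writes `(( h1 dom h2 ) and ( l1 domby h2 )`; pick one spacing form.
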
Index: refpolicy/policy/global_tunables
===================================================================
--- refpolicy/policy/global_tunables	(revision 2204)
+++ refpolicy/policy/global_tunables	(working copy)
@@ -11,6 +11,27 @@
 
 ## <desc>
 ## <p>
+## Enable to output SE-PostgreSQL allowed audit message
+## </p>
+## </desc>
+gen_tunable(sepgsql_enable_auditallow, false)
+
+## <desc>
+## <p>
+## Disable to output SE-PostgreSQL denied audit messages
+## </p>
+## </desc>
+gen_tunable(sepgsql_enable_auditdeny, true)
+
+## <desc>
+## <p>
+## Disable to output SE-PostgreSQL audit message per tuple
+## </p>
+## </desc>
+gen_tunable(sepgsql_enable_audittuple, false)
+
+## <desc>
+## <p>
 ## Allow cvs daemon to read shadow
 ## </p>
 ## </desc>
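
Review bot: the descriptions of `sepgsql_enable_auditdeny` and `sepgsql_enable_audittuple` are inverted relative to their names: both are `enable_*` booleans, but their `<desc>` text starts with "Disable to output ...", so a reader cannot tell what `true` does. Describe the enabled state, in the file's "Allow ..."/"Enable ..." style seen on the `cvs` tunable below, e.g. `Audit SE-PostgreSQL access denials` (default true) and `Audit SE-PostgreSQL access per tuple` (default false), and tighten the first one to `Audit SE-PostgreSQL allowed accesses`. The `<desc>`/`</desc>` pairs themselves stay balanced around the existing cvs entry, so the generated tunable documentation will still parse.
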
