diff for duplicates of <49C7667A.3020804@ak.jp.nec.com> diff --git a/a/1.txt b/N1/1.txt index e7e7311..ce12c7e 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -88,3 +88,10 @@ Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com> +-------------- next part -------------- +A non-text attachment was scrubbed... +Name: refpolicy-sepgsql-perms.patch +Type: text/x-patch +Size: 5130 bytes +Desc: not available +Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090323/d55fa108/attachment.bin diff --git a/a/2.hdr b/a/2.hdr deleted file mode 100644 index 21f2d3f..0000000 --- a/a/2.hdr +++ /dev/null @@ -1,5 +0,0 @@ -Content-Type: text/x-patch; - name="refpolicy-sepgsql-perms.patch" -Content-Transfer-Encoding: 7bit -Content-Disposition: inline; - filename="refpolicy-sepgsql-perms.patch" diff --git a/a/2.txt b/a/2.txt deleted file mode 100644 index 1301575..0000000 --- a/a/2.txt +++ /dev/null 
@@ -1,109 +0,0 @@ -Index: policy/flask/access_vectors -=================================================================== ---- policy/flask/access_vectors (revision 2935) -+++ policy/flask/access_vectors (working copy) -@@ -723,14 +723,12 @@ - access - install_module - load_module -- get_param -- set_param -+ superuser - } - - class db_table - inherits database - { -- use - select - update - insert -@@ -749,7 +747,6 @@ - class db_column - inherits database - { -- use - select - update - insert -@@ -759,7 +756,6 @@ - { - relabelfrom - relabelto -- use - select - update - insert -Index: policy/modules/services/postgresql.if -=================================================================== ---- policy/modules/services/postgresql.if (revision 2935) -+++ policy/modules/services/postgresql.if (working copy) -@@ -55,10 +55,10 @@ - type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t; - ') - -- allow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete }; -- allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert }; -- allow $2 user_sepgsql_table_t:db_tuple { use select update insert delete }; -- allow $2 user_sepgsql_sysobj_t:db_tuple { use select }; -+ allow $2 user_sepgsql_table_t:db_table { getattr setattr select update insert delete lock }; -+ allow $2 user_sepgsql_table_t:db_column { getattr setattr select update insert }; -+ allow $2 user_sepgsql_table_t:db_tuple { select update insert delete }; -+ allow $2 user_sepgsql_sysobj_t:db_tuple { select }; - - allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute }; - type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t; -Index: policy/modules/services/postgresql.te -=================================================================== ---- policy/modules/services/postgresql.te (revision 2935) -+++ policy/modules/services/postgresql.te (working copy) -@@ -281,27 +281,27 @@ - # Rules 
common to all clients - # - --allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param }; -+allow sepgsql_client_type sepgsql_db_t:db_database { getattr access }; - type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t; - --allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert }; --allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert }; --allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr select insert lock }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr select insert }; -+allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { select insert }; - --allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete }; --allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; --allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete }; -+allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock }; -+allow sepgsql_client_type sepgsql_table_t:db_column { getattr select update insert }; -+allow sepgsql_client_type sepgsql_table_t:db_tuple { select update insert delete }; - --allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select }; --allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select }; --allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select }; -+allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr select lock }; -+allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr select }; -+allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { select }; - - allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr; - allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr; - --allow sepgsql_client_type 
sepgsql_sysobj_t:db_table { getattr use select }; --allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select }; --allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr select lock }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr select }; -+allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { select }; - - allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install }; - allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint }; -@@ -321,7 +321,7 @@ - # to access classified tuples and can make a audit record. - # - # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL. --dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete }; -+dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { select update insert delete }; - - tunable_policy(`sepgsql_enable_users_ddl',` - allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr }; diff --git a/a/content_digest b/N1/content_digest index c4d2ece..f678b9e 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,9 +1,8 @@ - "From\0KaiGai Kohei <kaigai@ak.jp.nec.com>\0" - "Subject\0The status of SE-PostgreSQL\0" + "From\0kaigai@ak.jp.nec.com (KaiGai Kohei)\0" + "Subject\0[refpolicy] The status of SE-PostgreSQL\0" "Date\0Mon, 23 Mar 2009 19:37:46 +0900\0" - "To\0selinux <selinux@tycho.nsa.gov>\0" - "Cc\0refpolicy@oss.tresys.com\0" - "\01:1\0" + "To\0refpolicy@oss.tresys.com\0" + "\00:1\0" "b\0" "Here is a bad news.\n" "\n" 
@@ -94,118 +93,13 @@ "Thanks,\n" "-- \n" "OSS Platform Development Division, NEC\n" - KaiGai Kohei <kaigai@ak.jp.nec.com> - "\01:2\0" - "fn\0refpolicy-sepgsql-perms.patch\0" - "b\0" - "Index: policy/flask/access_vectors\n" - "===================================================================\n" - "--- policy/flask/access_vectors\t(revision 2935)\n" - "+++ policy/flask/access_vectors\t(working copy)\n" - "@@ -723,14 +723,12 @@\n" - " \taccess\n" - " \tinstall_module\n" - " \tload_module\n" - "-\tget_param\n" - "-\tset_param\n" - "+\tsuperuser\n" - " }\n" - " \n" - " class db_table\n" - " inherits database\n" - " {\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "@@ -749,7 +747,6 @@\n" - " class db_column\n" - " inherits database\n" - " {\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "@@ -759,7 +756,6 @@\n" - " {\n" - " \trelabelfrom\n" - " \trelabelto\n" - "-\tuse\n" - " \tselect\n" - " \tupdate\n" - " \tinsert\n" - "Index: policy/modules/services/postgresql.if\n" - "===================================================================\n" - "--- policy/modules/services/postgresql.if\t(revision 2935)\n" - "+++ policy/modules/services/postgresql.if\t(working copy)\n" - "@@ -55,10 +55,10 @@\n" - " \t\ttype_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;\n" - " \t')\n" - " \n" - "-\tallow $2 user_sepgsql_table_t:db_table { getattr setattr use select update insert delete };\n" - "-\tallow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };\n" - "-\tallow $2 user_sepgsql_table_t:db_tuple\t{ use select update insert delete };\n" - "-\tallow $2 user_sepgsql_sysobj_t:db_tuple\t{ use select };\n" - "+\tallow $2 user_sepgsql_table_t:db_table { getattr setattr select update insert delete lock };\n" - "+\tallow $2 user_sepgsql_table_t:db_column { getattr setattr select update insert };\n" - "+\tallow $2 user_sepgsql_table_t:db_tuple\t{ select update insert delete };\n" - "+\tallow $2 
user_sepgsql_sysobj_t:db_tuple\t{ select };\n" - " \n" - " \tallow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };\n" - " \ttype_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;\n" - "Index: policy/modules/services/postgresql.te\n" - "===================================================================\n" - "--- policy/modules/services/postgresql.te\t(revision 2935)\n" - "+++ policy/modules/services/postgresql.te\t(working copy)\n" - "@@ -281,27 +281,27 @@\n" - " # Rules common to all clients\n" - " #\n" - " \n" - "-allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };\n" - "+allow sepgsql_client_type sepgsql_db_t:db_database { getattr access };\n" - " type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;\n" - " \n" - "-allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert };\n" - "-allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };\n" - "-allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };\n" - "+allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr select insert lock };\n" - "+allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr select insert };\n" - "+allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { select insert };\n" - " \n" - "-allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete };\n" - "-allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };\n" - "-allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };\n" - "+allow sepgsql_client_type sepgsql_table_t:db_table { getattr select update insert delete lock };\n" - "+allow sepgsql_client_type sepgsql_table_t:db_column { getattr select update insert };\n" - "+allow sepgsql_client_type sepgsql_table_t:db_tuple { select update insert delete };\n" - " \n" - 
"-allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select };\n" - "-allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select };\n" - "-allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };\n" - "+allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr select lock };\n" - "+allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr select };\n" - "+allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { select };\n" - " \n" - " allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;\n" - " allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;\n" - " \n" - "-allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };\n" - "-allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };\n" - "-allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };\n" - "+allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr select lock };\n" - "+allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr select };\n" - "+allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { select };\n" - " \n" - " allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute install };\n" - " allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };\n" - "@@ -321,7 +321,7 @@\n" - " # to access classified tuples and can make a audit record.\n" - " #\n" - " # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.\n" - "-dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };\n" - "+dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { select update insert delete };\n" - " \n" - " tunable_policy(`sepgsql_enable_users_ddl',`\n" - " \tallow sepgsql_client_type sepgsql_table_t:db_table { create 
drop setattr };" + "KaiGai Kohei <kaigai@ak.jp.nec.com>\n" + "-------------- next part --------------\n" + "A non-text attachment was scrubbed...\n" + "Name: refpolicy-sepgsql-perms.patch\n" + "Type: text/x-patch\n" + "Size: 5130 bytes\n" + "Desc: not available\n" + Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090323/d55fa108/attachment.bin -482db93122fc8cb9c14aebc83c4a5f239b069663d1e55864f212662529f133cf +e840f64d1f0bfb8ed1d17940213dd04ee49247ceb05edd3010eedae2a5ea535e