diff for duplicates of <4A03AF73.4040407@ak.jp.nec.com>

diff --git a/a/1.txt b/N1/1.txt
index bafb790..cb2493e 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -52,3 +52,10 @@ KaiGai Kohei wrote:
 -- 
 OSS Platform Development Division, NEC
 KaiGai Kohei <kaigai@ak.jp.nec.com>
+-------------- next part --------------
+A non-text attachment was scrubbed...
+Name: refpolicy-sepgsql-2-correct-sepgsql_enable_users_ddl.patch
+Type: text/x-patch
+Size: 3331 bytes
+Desc: not available
+Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090508/440c820d/attachment.bin
diff --git a/a/2.hdr b/a/2.hdr
deleted file mode 100644
index 1c44389..0000000
--- a/a/2.hdr
+++ /dev/null
@@ -1,5 +0,0 @@
-Content-Type: text/x-patch;
- name="refpolicy-sepgsql-2-correct-sepgsql_enable_users_ddl.patch"
-Content-Transfer-Encoding: 7bit
-Content-Disposition: inline;
- filename*0="refpolicy-sepgsql-2-correct-sepgsql_enable_users_ddl.patch"
diff --git a/a/2.txt b/a/2.txt
deleted file mode 100644
index d53f5d8..0000000
--- a/a/2.txt
+++ /dev/null
@@ -1,61 +0,0 @@
---- policy/modules/services/postgresql.if	2009-05-08 12:32:51.000000000 +0900
-+++ policy/modules/services/postgresql.if.2	2009-05-08 11:58:46.000000000 +0900
-@@ -46,20 +46,21 @@
- 	#
- 
- 	tunable_policy(`sepgsql_enable_users_ddl',`
--		allow $2 user_sepgsql_table_t:db_table { create drop };
--		allow $2 user_sepgsql_table_t:db_column { create drop };
-+		allow $2 user_sepgsql_table_t:db_table { create drop setattr };
-+		allow $2 user_sepgsql_table_t:db_column { create drop setattr };
- 		allow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };
-+		allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };
- 	')
- 
--	allow $2 user_sepgsql_table_t:db_table  { getattr setattr use select update insert delete lock };
--	allow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };
-+	allow $2 user_sepgsql_table_t:db_table  { setattr use select update insert delete lock };
-+	allow $2 user_sepgsql_table_t:db_column { setattr use select update insert };
- 	allow $2 user_sepgsql_table_t:db_tuple	{ use select update insert delete };
- 	type_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;
- 
- 	allow $2 user_sepgsql_sysobj_t:db_tuple	{ use select };
- 	type_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;
- 
--	allow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
-+	allow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };
- 	type_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;
- 
- 	allow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
-@@ -346,6 +347,7 @@
- 		allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };
- 		allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };
- 		allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };
-+		allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };
- 	')
- 
- 	allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };
-@@ -356,7 +358,7 @@
- 	allow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };
- 	type_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;
- 
--	allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };
-+	allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };
- 	type_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t;
- 
- 	allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write };
---- policy/modules/services/postgresql.te	2009-05-08 12:38:30.000000000 +0900
-+++ policy/modules/services/postgresql.te.2	2009-05-08 12:39:10.000000000 +0900
-@@ -338,12 +338,6 @@
- # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.
- dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };
- 
--tunable_policy(`sepgsql_enable_users_ddl',`
--	allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
--	allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };
--	allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
--')
--
- ########################################
- #
- # Unconfined access to this module
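Review bot: In the attached postgresql.if patch, the unconditional rules for `user_sepgsql_table_t` (first hunk, `db_table` and `db_column`) drop `getattr` but keep `setattr`, which looks inverted. Since `setattr` is also added inside the `sepgsql_enable_users_ddl` block, the tunable would not actually gate it for user tables and columns, while attribute reads lose their allow rule; the parallel `unpriv_sepgsql_table_t` context line keeps `getattr` and omits `setattr`. The intended lines are probably `allow $2 user_sepgsql_table_t:db_table  { getattr use select update insert delete lock };` and `allow $2 user_sepgsql_table_t:db_column { getattr use select update insert };`. The enclosing template starts and ends outside the hunk, so this should be checked against the full interface file.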
diff --git a/a/content_digest b/N1/content_digest
index 71407b8..e5addfb 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -8,14 +8,11 @@
  "ref\049ED04DF.8050306@ak.jp.nec.com\0"
  "ref\01241699079.19211.1251.camel@gorn.columbia.tresys.com\0"
  "ref\04A03AD55.8020207@ak.jp.nec.com\0"
- "From\0KaiGai Kohei <kaigai@ak.jp.nec.com>\0"
- "Subject\0Re: [refpolicy] [RFC] Security policy reworks for SE-PostgreSQL\0"
+ "From\0kaigai@ak.jp.nec.com (KaiGai Kohei)\0"
+ "Subject\0[refpolicy] [RFC] Security policy reworks for SE-PostgreSQL\0"
  "Date\0Fri, 08 May 2009 13:05:07 +0900\0"
- "To\0Christopher J. PeBenito <cpebenito@tresys.com>\0"
- "Cc\0refpolicy@oss.tresys.com"
-  selinux@tycho.nsa.gov
- " Joshua Brindle <method@manicmethod.com>\0"
- "\01:1\0"
+ "To\0refpolicy@oss.tresys.com\0"
+ "\00:1\0"
  "b\0"
  "The attached patch fixes incorrect behavior in sepgsql_enable_users_ddl.\n"
  "\n"
@@ -70,70 +67,13 @@
  "> Thanks,\n"
  "-- \n"
  "OSS Platform Development Division, NEC\n"
- KaiGai Kohei <kaigai@ak.jp.nec.com>
- "\01:2\0"
- "fn\0refpolicy-sepgsql-2-correct-sepgsql_enable_users_ddl.patch\0"
- "b\0"
- "--- policy/modules/services/postgresql.if\t2009-05-08 12:32:51.000000000 +0900\n"
- "+++ policy/modules/services/postgresql.if.2\t2009-05-08 11:58:46.000000000 +0900\n"
- "@@ -46,20 +46,21 @@\n"
- " \t#\n"
- " \n"
- " \ttunable_policy(`sepgsql_enable_users_ddl',`\n"
- "-\t\tallow $2 user_sepgsql_table_t:db_table { create drop };\n"
- "-\t\tallow $2 user_sepgsql_table_t:db_column { create drop };\n"
- "+\t\tallow $2 user_sepgsql_table_t:db_table { create drop setattr };\n"
- "+\t\tallow $2 user_sepgsql_table_t:db_column { create drop setattr };\n"
- " \t\tallow $2 user_sepgsql_sysobj_t:db_tuple { update insert delete };\n"
- "+\t\tallow $2 user_sepgsql_proc_exec_t:db_procedure { create drop setattr };\n"
- " \t')\n"
- " \n"
- "-\tallow $2 user_sepgsql_table_t:db_table  { getattr setattr use select update insert delete lock };\n"
- "-\tallow $2 user_sepgsql_table_t:db_column { getattr setattr use select update insert };\n"
- "+\tallow $2 user_sepgsql_table_t:db_table  { setattr use select update insert delete lock };\n"
- "+\tallow $2 user_sepgsql_table_t:db_column { setattr use select update insert };\n"
- " \tallow $2 user_sepgsql_table_t:db_tuple\t{ use select update insert delete };\n"
- " \ttype_transition $2 sepgsql_database_type:db_table user_sepgsql_table_t;\n"
- " \n"
- " \tallow $2 user_sepgsql_sysobj_t:db_tuple\t{ use select };\n"
- " \ttype_transition $2 sepgsql_sysobj_table_type:db_tuple user_sepgsql_sysobj_t;\n"
- " \n"
- "-\tallow $2 user_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };\n"
- "+\tallow $2 user_sepgsql_proc_exec_t:db_procedure { getattr execute };\n"
- " \ttype_transition $2 sepgsql_database_type:db_procedure user_sepgsql_proc_exec_t;\n"
- " \n"
- " \tallow $2 user_sepgsql_blob_t:db_blob { create drop getattr setattr read write };\n"
- "@@ -346,6 +347,7 @@\n"
- " \t\tallow $1 unpriv_sepgsql_table_t:db_table { create drop setattr };\n"
- " \t\tallow $1 unpriv_sepgsql_table_t:db_column { create drop setattr };\n"
- " \t\tallow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };\n"
- "+\t\tallow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr };\n"
- " \t')\n"
- " \n"
- " \tallow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock };\n"
- "@@ -356,7 +358,7 @@\n"
- " \tallow $1 unpriv_sepgsql_sysobj_t:db_tuple { use select };\n"
- " \ttype_transition $1 sepgsql_sysobj_table_type:db_tuple unpriv_sepgsql_sysobj_t;\n"
- " \n"
- "-\tallow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop getattr setattr execute };\n"
- "+\tallow $1 unpriv_sepgsql_proc_exec_t:db_procedure { getattr execute };\n"
- " \ttype_transition $1 sepgsql_database_type:db_procedure unpriv_sepgsql_proc_exec_t;\n"
- " \n"
- " \tallow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write };\n"
- "--- policy/modules/services/postgresql.te\t2009-05-08 12:38:30.000000000 +0900\n"
- "+++ policy/modules/services/postgresql.te.2\t2009-05-08 12:39:10.000000000 +0900\n"
- "@@ -338,12 +338,6 @@\n"
- " # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL.\n"
- " dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete };\n"
- " \n"
- "-tunable_policy(`sepgsql_enable_users_ddl',`\n"
- "-\tallow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };\n"
- "-\tallow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };\n"
- "-\tallow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };\n"
- "-')\n"
- "-\n"
- " ########################################\n"
- " #\n"
-  # Unconfined access to this module
+ "KaiGai Kohei <kaigai@ak.jp.nec.com>\n"
+ "-------------- next part --------------\n"
+ "A non-text attachment was scrubbed...\n"
+ "Name: refpolicy-sepgsql-2-correct-sepgsql_enable_users_ddl.patch\n"
+ "Type: text/x-patch\n"
+ "Size: 3331 bytes\n"
+ "Desc: not available\n"
+ Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20090508/440c820d/attachment.bin
 
-ff4de80dacbff5453f1271d16d637daf3675b73b269dd4ee759482dc8facfe84
+c74ed8f87172b5d7353ac17a885e54b52826fb36b41ecfa4cf83167b35106166
