From: andre@flonatel.org (Andreas Florath)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 2/2] Also apply the new postgres labeling scheme on Debian
Date: Sat, 16 Aug 2014 20:25:15 +0200 [thread overview]
Message-ID: <53EFA20B.1080609@flonatel.org> (raw)
In-Reply-To: <53EE7EAE.2000409@flonatel.org>
Hello!
Sorry - forgot the 'allow_user_postgresql_connect' bool.
When applying your patch and setting this bool to on, the user can connect (as expected):
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:SystemLow 72288 Jul 24 13:57 createdb
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:SystemLow 507128 Jul 24 13:57 psql
root at debselinux01:~# setsebool -P allow_user_postgresql_connect on
root at debselinux01:~# getsebool allow_user_postgresql_connect
allow_user_postgresql_connect --> on
root at debselinux01:~# logout
Connection to 192.168.122.22 closed.
florath at pelias:~$ ssh -X dummy at 192.168.122.22
dummy at 192.168.122.22's password:
dummy at debselinux01:~$ id -Z
user_u:user_r:user_t:SystemLow
dummy at debselinux01:~$ createdb tst01
dummy at debselinux01:~$ psql tst01
psql (9.4beta2)
Type "help" for help.
tst01=>
Kind regards
Andre
next prev parent reply other threads:[~2014-08-16 18:25 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-15 21:42 [refpolicy] [PATCH 2/2] Also apply the new postgres labeling scheme on Debian Andreas Florath
2014-08-16 18:25 ` Andreas Florath [this message]
-- strict thread matches above, loose matches on Subject: below --
2014-08-12 12:35 [refpolicy] Postgresql labeling revisited Luis Ressel
2014-08-12 12:35 ` [refpolicy] [PATCH 2/2] Also apply the new postgres labeling scheme on Debian Luis Ressel
2014-08-14 6:59 ` Russell Coker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53EFA20B.1080609@flonatel.org \
--to=andre@flonatel.org \
--cc=refpolicy@oss.tresys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.