[DSE-User] SELinux on Wheezy: postgresql
Arno Schuring
aelschuring at hotmail.com
Sat Feb 11 14:36:10 UTC 2012
With /run/postgresql now having a generic label, make sure sock_files
also receive the required type_transition.
Regards,
Arno
-8<--
diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc
index f03fad4..6740f3f 100644
--- a/policy/modules/services/postgresql.fc
+++ b/policy/modules/services/postgresql.fc
@@ -44,5 +44,7 @@ ifdef(`distro_redhat', `
')
/var/run/postgresql(/.*)? gen_context(system_u:object_r:postgresql_var_run_t,s0)
+/run/postgresql/.* gen_context(system_u:object_r:postgresql_var_run_t,s0)
/var/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0)
+/run/postmaster.* gen_context(system_u:object_r:postgresql_var_run_t,s0)
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index d8b7720..6d5b554 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -1,4 +1,4 @@
-policy_module(postgresql, 1.13.0)
+policy_module(postgresql, 1.13.2)
gen_require(`
class db_database all_db_database_perms;
@@ -261,7 +261,7 @@ fs_tmpfs_filetrans(postgresql_t, postgresql_tmp_t, { dir file lnk_file sock_file
manage_dirs_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
manage_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
manage_sock_files_pattern(postgresql_t, postgresql_var_run_t, postgresql_var_run_t)
-files_pid_filetrans(postgresql_t, postgresql_var_run_t, { dir file })
+files_pid_filetrans(postgresql_t, postgresql_var_run_t, { file dir sock_file })
kernel_read_kernel_sysctls(postgresql_t)
kernel_read_system_state(postgresql_t)
More information about the Selinux-user
mailing list