From 90bbc401dc3210ce8f16add4b8902cc33063a1a5 Mon Sep 17 00:00:00 2001 From: Kohei Kaigai Date: Fri, 15 Apr 2011 09:40:56 +0100 Subject: [PATCH] allow postgresql_t to read selabel files The attached patch allows postgresql_t domain to read selabel definition files (such as /etc/selinux/targeted/contexts/sepgsql_contexts). The upcoming version (v9.1) uses selabel_lookup(3) to assign initial security context of database objects, we need to allow this reference. Thanks, -- NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei --- policy/modules/services/postgresql.te | 1 + 1 file changed, 1 insertion(+) diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te index aea7baa5e..f8bab6da5 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te @@ -322,6 +322,7 @@ logging_send_audit_msgs(postgresql_t) miscfiles_read_localization(postgresql_t) seutil_libselinux_linked(postgresql_t) +seutil_read_default_contexts(postgresql_t) userdom_dontaudit_use_unpriv_user_fds(postgresql_t) userdom_dontaudit_search_user_home_dirs(postgresql_t)
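Review bot: the added line `seutil_read_default_contexts(postgresql_t)`, placed after `seutil_libselinux_linked(postgresql_t)`, has no comment explaining why the server domain needs it; the rationale (selabel_lookup(3) reading files such as /etc/selinux/targeted/contexts/sepgsql_contexts from v9.1 on) exists only in the commit message. A one-line comment above the call would keep that reason in postgresql.te for whoever audits this domain later. The interface name also suggests it covers default context files in general, while the message names only the sepgsql_contexts file as an example, so it is worth confirming during review that the grant is read-only and no wider than the label lookup requires.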