allow postgresql_t to read selabel files

The attached patch allows postgresql_t domain to read selabel definition files
(such as /etc/selinux/targeted/contexts/sepgsql_contexts).

The upcoming version (v9.1) uses selabel_lookup(3) to assign initial security context
of database objects, we need to allow this reference.

Thanks,
--
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei.kaigai@eu.nec.com>
This commit is contained in:
Kohei Kaigai 2011-04-15 09:40:56 +01:00 committed by Chris PeBenito
parent 127d617b31
commit 90bbc401dc
1 changed files with 1 additions and 0 deletions

View File

@ -322,6 +322,7 @@ logging_send_audit_msgs(postgresql_t)
miscfiles_read_localization(postgresql_t) miscfiles_read_localization(postgresql_t)
seutil_libselinux_linked(postgresql_t) seutil_libselinux_linked(postgresql_t)
seutil_read_default_contexts(postgresql_t)
userdom_dontaudit_use_unpriv_user_fds(postgresql_t) userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
userdom_dontaudit_search_user_home_dirs(postgresql_t) userdom_dontaudit_search_user_home_dirs(postgresql_t)