allow postgresql_t to read selabel files
The attached patch allows postgresql_t domain to read selabel definition files (such as /etc/selinux/targeted/contexts/sepgsql_contexts). The upcoming version (v9.1) uses selabel_lookup(3) to assign initial security context of database objects, we need to allow this reference. Thanks, -- NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <kohei.kaigai@eu.nec.com>
This commit is contained in:
parent
127d617b31
commit
90bbc401dc
|
@ -322,6 +322,7 @@ logging_send_audit_msgs(postgresql_t)
|
||||||
miscfiles_read_localization(postgresql_t)
|
miscfiles_read_localization(postgresql_t)
|
||||||
|
|
||||||
seutil_libselinux_linked(postgresql_t)
|
seutil_libselinux_linked(postgresql_t)
|
||||||
|
seutil_read_default_contexts(postgresql_t)
|
||||||
|
|
||||||
userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
|
userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
|
||||||
userdom_dontaudit_search_user_home_dirs(postgresql_t)
|
userdom_dontaudit_search_user_home_dirs(postgresql_t)
|
||||||
|
|
Loading…
Reference in New Issue