selinux-refpolicy/policy/flask
Chris PeBenito 350ed89156 se-postgresql update from kaigai
- rework: Add a comment of "deprecated" for deprecated permissions.
- bugfix: MCS policy did not constrain the following permissions.
    db_database:{getattr}
    db_table:{getattr lock}
    db_column:{getattr}
    db_procedure:{drop getattr setattr}
    db_blob:{getattr import export}
- rework: db_table:{lock} is moved to reader side, because it makes
  impossible to refer read-only table with foreign-key constraint.
  (FK checks internally acquire explicit locks.)
- bugfix: some of permissions in db_procedure class are allowed
  on sepgsql_trusted_proc_t, but it is a domain, not a procedure.
  It should allow them on sepgsql_trusted_proc_exec_t.
  I also aliased sepgsql_proc_t as sepgsql_proc_exec_t to avoid
  such kind of confusion, as Chris suggested before.
- rework: we should not allow db_procedure:{install} on the
  sepgsql_trusted_proc_exec_t, because of a risk to invoke trusted
  procedure implicitly.
- bugfix: MLS policy dealt db_blob:{export} as writer-side permission,
  but it is required whrn the largeobject is refered.
- bugfix: MLS policy didn't constrain the db_procedure class.
2009-05-07 12:35:32 +00:00
..
Makefile trunk: do not emit lines in the kernel version of av_inherit.h for commons that are only inherited by userspace object classes. 2007-10-16 18:30:23 +00:00
access_vectors se-postgresql update from kaigai 2009-05-07 12:35:32 +00:00
flask.py trunk: fix do not userspace commons in kernel version of av_permissions.h. 2007-10-16 19:05:27 +00:00
initial_sids
security_classes trunk: Add kernel_service access vectors, from Stephen Smalley. 2009-01-05 21:44:33 +00:00