selinux-refpolicy/policy/modules
Chris PeBenito a01a4a7183 trunk:
OK, the attached patch adds the following types for unprivileged clients.
 - unpriv_sepgsql_table_t
 - unpriv_sepgsql_sysobj_t
 - unpriv_sepgsql_proc_exec_t
 - unpriv_sepgsql_blob_t

These types are the default for unprivileged and unprefixed domains,
such as httpd_t and others.

In addition, TYPE_TRANSITION rules are moved to outside of tunable
of the sepgsql_enable_users_ddl. IIRC, it was enclosed within the
tunable because UBAC domains (user_t and so on) were allowed to
create sepgsql_table_t, and its default was pointed to this type
when sepgsql_enable_users_ddl is disabled.
However, it has different meanings now, so the TYPE_TRANSITION rules
should be unconditional.

KaiGai Kohei
2009-05-21 11:28:14 +00:00
..
admin trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
apps trunk: 4 patches from dan. 2009-03-11 13:32:23 +00:00
kernel trunk: 4 patches from dan. 2009-05-14 14:41:50 +00:00
roles trunk: 5 patches from dan. 2009-04-07 14:09:43 +00:00
services trunk: 2009-05-21 11:28:14 +00:00
system trunk: whitespace fixes. 2009-05-06 14:44:57 +00:00