a01a4a7183
OK, the attached patch adds the following types for unprivileged clients. - unpriv_sepgsql_table_t - unpriv_sepgsql_sysobj_t - unpriv_sepgsql_proc_exec_t - unpriv_sepgsql_blob_t These types are the default for unprivileged and unprefixed domains, such as httpd_t and others. In addition, TYPE_TRANSITION rules are moved to outside of tunable of the sepgsql_enable_users_ddl. IIRC, it was enclosed within the tunable because UBAC domains (user_t and so on) were allowed to create sepgsql_table_t, and its default was pointed to this type when sepgsql_enable_users_ddl is disabled. However, it has different meanings now, so the TYPE_TRANSITION rules should be unconditional. KaiGai Kohei |
||
|---|---|---|
| .. | ||
| admin | ||
| apps | ||
| kernel | ||
| roles | ||
| services | ||
| system | ||