trunk: additional patch from kaigai to fix up some type transitions for unpriv clients.
This commit is contained in:
parent
e8cb08aefa
commit
8e7d43c8ac
@ -340,18 +340,17 @@ interface(`postgresql_unpriv_client',`
|
||||
class db_blob all_db_blob_perms;
|
||||
|
||||
attribute sepgsql_client_type;
|
||||
attribute sepgsql_database_type;
|
||||
|
||||
type sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t;
|
||||
type sepgsql_db_t, sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t;
|
||||
|
||||
type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t;
|
||||
')
|
||||
|
||||
typeattribute $1 sepgsql_client_type;
|
||||
|
||||
type_transition $1 sepgsql_database_type:db_table sepgsql_table_t;
|
||||
type_transition $1 sepgsql_database_type:db_procedure sepgsql_proc_t;
|
||||
type_transition $1 sepgsql_database_type:db_blob sepgsql_blob_t;
|
||||
type_transition $1 sepgsql_db_t:db_table sepgsql_table_t;
|
||||
type_transition $1 sepgsql_db_t:db_procedure sepgsql_proc_t;
|
||||
type_transition $1 sepgsql_db_t:db_blob sepgsql_blob_t;
|
||||
|
||||
type_transition $1 sepgsql_trusted_proc_t:process sepgsql_trusted_domain_t;
|
||||
allow $1 sepgsql_trusted_domain_t:process transition;
|
||||
|
Loading…
Reference in New Issue
Block a user