Merge branch 'postgres' of git://github.com/alexminder/refpolicy

policy/modules/kernel/filesystem.if

@@ -2340,6 +2340,25 @@ interface(`fs_rw_hugetlbfs_files',`
 	rw_files_pattern($1, hugetlbfs_t, hugetlbfs_t)
 ')
 
+########################################
+## <summary>
+##      Read, map and write hugetlbfs files.
+## </summary>
+## <param name="domain">
+##      <summary>
+##      Domain allowed access.
+##      </summary>
+## </param>
+#
+interface(`fs_mmap_rw_hugetlbfs_files',`
+        gen_require(`
+                type hugetlbfs_t;
+        ')
+
+        fs_rw_hugetlbfs_files($1)
+	allow $1 hugetlbfs_t:file map;
+')
+
 ########################################
 ## <summary>
 ##	Allow the type to associate to hugetlbfs filesystems.

policy/modules/services/postgresql.te

@@ -290,6 +290,7 @@ files_lock_filetrans(postgresql_t, postgresql_lock_t, file)
 manage_files_pattern(postgresql_t, postgresql_log_t, postgresql_log_t)
 logging_log_filetrans(postgresql_t, postgresql_log_t, { file dir })
 
+allow postgresql_t postgresql_tmp_t:file map;
 manage_dirs_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
 manage_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
 manage_lnk_files_pattern(postgresql_t, postgresql_tmp_t, postgresql_tmp_t)
@@ -330,7 +331,7 @@ dev_read_urand(postgresql_t)
 
 fs_getattr_all_fs(postgresql_t)
 fs_search_auto_mountpoints(postgresql_t)
-fs_rw_hugetlbfs_files(postgresql_t)
+fs_mmap_rw_hugetlbfs_files(postgresql_t)
 
 selinux_get_enforce_mode(postgresql_t)
 selinux_validate_context(postgresql_t)