Add sepgsql_contexts into appconfig-*
The attached patch adds a sepgsql_contexts file to each appconfig-* directory. This configuration is used for the initial labeling of each database object at installation time. We can easily look up an appropriate label using the selabel_lookup(3) APIs. The 'sepgsql_contexts' file is the default for SE-PostgreSQL. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com>
parent
7c4fbeba94
commit
b98aba85d9
2
Makefile
2
Makefile
@ -248,7 +248,7 @@ seusers := $(appconf)/seusers
|
||||
appdir := $(contextpath)
|
||||
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
|
||||
user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
|
||||
appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names)
|
||||
appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names)
|
||||
net_contexts := $(builddir)net_contexts
|
||||
|
||||
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
|
||||
|
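--- a/config/appconfig-mcs/sepgsql_contexts
+++ b/config/appconfig-mcs/sepgsql_contexts
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (MCS)
+#
+
+# <databases>
+db_database * system_u:object_r:sepgsql_db_t:s0
+
+# <schemas>
+db_schema *.* system_u:object_r:sepgsql_schema_t:s0
+
+# <tables>
+db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
+db_table *.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <column>
+db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t:s0
+db_column *.*.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <sequences>
+db_sequence *.*.* system_u:object_r:sepgsql_seq_t:s0
+
+# <views>
+db_view *.*.* system_u:object_r:sepgsql_view_t:s0
+
+# <procedures>
+db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t:s0
+
+# <tuples>
+db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
+db_tuple *.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <blobs>
+db_blobs *.* system_u:object_r:sepgsql_blob_t:s0
+
+# <language>
+db_language *.sql system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.* system_u:object_r:sepgsql_lang_t:s0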
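Review bot: The `db_blobs` entry under `# <blobs>` is the only plural keyword in the file, while the SELinux object class for large objects is named `db_blob`; if the selabel database backend expects the singular form, this line would never match and large objects would get no default label from this file. After confirming the keyword against libselinux, the line would read `db_blob *.* system_u:object_r:sepgsql_blob_t:s0`. The file also depends on the specific patterns (`*.pg_catalog.*`, `*.plpgsql`, `*.plperl`) being listed above the catch-all `*.*.*` and `*.*` entries, presumably because lookup stops at the first match, so a header line such as `# Entries are matched in order; keep specific patterns above the wildcards` would guard against a reorder that silently relabels system catalogs or trusted languages. Both points apply equally to config/appconfig-mls/sepgsql_contexts and config/appconfig-standard/sepgsql_contexts.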
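--- a/config/appconfig-mls/sepgsql_contexts
+++ b/config/appconfig-mls/sepgsql_contexts
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (MLS)
+#
+
+# <databases>
+db_database * system_u:object_r:sepgsql_db_t:s0
+
+# <schemas>
+db_schema *.* system_u:object_r:sepgsql_schema_t:s0
+
+# <tables>
+db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
+db_table *.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <column>
+db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t:s0
+db_column *.*.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <sequences>
+db_sequence *.*.* system_u:object_r:sepgsql_seq_t:s0
+
+# <views>
+db_view *.*.* system_u:object_r:sepgsql_view_t:s0
+
+# <procedures>
+db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t:s0
+
+# <tuples>
+db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
+db_tuple *.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <blobs>
+db_blobs *.* system_u:object_r:sepgsql_blob_t:s0
+
+# <language>
+db_language *.sql system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.* system_u:object_r:sepgsql_lang_t:s0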
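--- a/config/appconfig-standard/sepgsql_contexts
+++ b/config/appconfig-standard/sepgsql_contexts
@@ -0,0 +1,40 @@
+#
+# Initial security label for SE-PostgreSQL (none-MLS)
+#
+
+# <databases>
+db_database * system_u:object_r:sepgsql_db_t
+
+# <schemas>
+db_schema *.* system_u:object_r:sepgsql_schema_t
+
+# <tables>
+db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t
+db_table *.*.* system_u:object_r:sepgsql_table_t
+
+# <column>
+db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t
+db_column *.*.*.* system_u:object_r:sepgsql_table_t
+
+# <sequences>
+db_sequence *.*.* system_u:object_r:sepgsql_seq_t
+
+# <views>
+db_view *.*.* system_u:object_r:sepgsql_view_t
+
+# <procedures>
+db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t
+
+# <tuples>
+db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t
+db_tuple *.*.* system_u:object_r:sepgsql_table_t
+
+# <blobs>
+db_blobs *.* system_u:object_r:sepgsql_blob_t
+
+# <language>
+db_language *.sql system_u:object_r:sepgsql_safe_lang_t
+db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t
+db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t
+db_language *.* system_u:object_r:sepgsql_lang_t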
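Review bot: The header comment says `(none-MLS)`, which looks like a slip for `# Initial security label for SE-PostgreSQL (non-MLS)`. The contexts in this copy omit the trailing `:s0` level that the mcs and mls copies carry, which is what a policy built without MLS/MCS expects. A one-line comment stating that the level field is intentionally absent would keep someone from "fixing" the three files into agreement and producing contexts the standard policy cannot validate.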
@ -74,6 +74,7 @@ make NAME=%{polname2} TYPE=%{type2} DISTRO=%{distro} DIRECT_INITRC=%{direct_init
|
||||
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/initrc_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/removable_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/userhelper_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/sepgsql_contexts
|
||||
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/x_contexts
|
||||
%dir %{_sysconfdir}/selinux/*/contexts/files
|
||||
#%ghost %config %{_sysconfdir}/selinux/*/contexts/files/file_contexts
|
||||
@ -118,6 +119,7 @@ SELinux Reference policy targeted base module.
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/initrc_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/removable_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/userhelper_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/sepgsql_contexts
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/x_contexts
|
||||
%dir %{_sysconfdir}/selinux/%{polname1}/contexts/files
|
||||
#%ghost %config %{_sysconfdir}/selinux/%{polname1}/contexts/files/file_contexts
|
||||
@ -164,6 +166,7 @@ SELinux Reference policy strict base module.
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/initrc_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/removable_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/userhelper_context
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/sepgsql_contexts
|
||||
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/x_contexts
|
||||
%dir %{_sysconfdir}/selinux/%{polname2}/contexts/files
|
||||
#%ghost %config %{_sysconfdir}/selinux/%{polname2}/contexts/files/file_contexts
|
||||
|