b98aba85d9
The attached patch adds sepgsql_contexts file into appconfig-* directory. This configuration is used to initial labeling on installation time for each database objects. We can easily look up an appropriate label using selabel_loopup(3) APIs. The 'sepgsql_contexts' is default for SE-PostgreSQL. Thanks, -- KaiGai Kohei <kaigai@ak.jp.nec.com>
41 lines
1.1 KiB
Plaintext
41 lines
1.1 KiB
Plaintext
#
|
|
# Initial security label for SE-PostgreSQL (MCS)
|
|
#
|
|
|
|
# <databases>
|
|
db_database * system_u:object_r:sepgsql_db_t:s0
|
|
|
|
# <schemas>
|
|
db_schema *.* system_u:object_r:sepgsql_schema_t:s0
|
|
|
|
# <tables>
|
|
db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
|
|
db_table *.*.* system_u:object_r:sepgsql_table_t:s0
|
|
|
|
# <column>
|
|
db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t:s0
|
|
db_column *.*.*.* system_u:object_r:sepgsql_table_t:s0
|
|
|
|
# <sequences>
|
|
db_sequence *.*.* system_u:object_r:sepgsql_seq_t:s0
|
|
|
|
# <views>
|
|
db_view *.*.* system_u:object_r:sepgsql_view_t:s0
|
|
|
|
# <procedures>
|
|
db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t:s0
|
|
|
|
# <tuples>
|
|
db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
|
|
db_tuple *.*.* system_u:object_r:sepgsql_table_t:s0
|
|
|
|
# <blobs>
|
|
db_blobs *.* system_u:object_r:sepgsql_blob_t:s0
|
|
|
|
# <language>
|
|
db_language *.sql system_u:object_r:sepgsql_safe_lang_t:s0
|
|
db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t:s0
|
|
db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t:s0
|
|
db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
|
|
db_language *.* system_u:object_r:sepgsql_lang_t:s0
|