NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit5c3d472

committed

Fix contrib/sepgsql test policy to work with latest SELinux releases.

As of Fedora 30, it seems that the system-provided macros for settingup user privileges in SELinux policies don't grant the ability to read/etc/passwd, as they formerly did. This restriction breaks psql(which tries to use getpwuid() to obtain the user name it's runningunder) and thereby the contrib/sepgsql regression test. Add explicitspecifications that we need the right to read /etc/passwd.Mike Palmiotto, per a report from me. Back-patch to all supportedbranches.Discussion:https://postgr.es/m/23856.1563381159@sss.pgh.pa.us

1 parent183cd8c commit5c3d472Copy full SHA for 5c3d472

File tree

1 file changed

+11

-0

lines changed

contrib/sepgsql
- sepgsql-regtest.te

1 file changed

+11

-0

lines changed

`‎contrib/sepgsql/sepgsql-regtest.te`

Lines changed: 11 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,9 @@ userdom_base_user_template(sepgsql_regtest_superuser)`
`31`	`31`	`userdom_manage_home_role(sepgsql_regtest_superuser_r, sepgsql_regtest_superuser_t)`
`32`	`32`	`userdom_exec_user_home_content_files(sepgsql_regtest_superuser_t)`
`33`	`33`	`userdom_write_user_tmp_sockets(sepgsql_regtest_superuser_t)`
	`34`	`+`
	`35`	`+auth_read_passwd(sepgsql_regtest_superuser_t)`
	`36`	`+`
`34`	`37`	optional_policy(`
`35`	`38`	`postgresql_stream_connect(sepgsql_regtest_superuser_t)`
`36`	`39`	`postgresql_unconfined(sepgsql_regtest_superuser_t)`
`@@ -60,6 +63,9 @@ userdom_base_user_template(sepgsql_regtest_dba)`
`60`	`63`	`userdom_manage_home_role(sepgsql_regtest_dba_r, sepgsql_regtest_dba_t)`
`61`	`64`	`userdom_exec_user_home_content_files(sepgsql_regtest_dba_t)`
`62`	`65`	`userdom_write_user_tmp_sockets(sepgsql_regtest_user_t)`
	`66`	`+`
	`67`	`+auth_read_passwd(sepgsql_regtest_dba_t)`
	`68`	`+`
`63`	`69`	optional_policy(`
`64`	`70`	`postgresql_admin(sepgsql_regtest_dba_t, sepgsql_regtest_dba_r)`
`65`	`71`	`postgresql_stream_connect(sepgsql_regtest_dba_t)`
`@@ -98,6 +104,9 @@ userdom_base_user_template(sepgsql_regtest_user)`
`98`	`104`	`userdom_manage_home_role(sepgsql_regtest_user_r, sepgsql_regtest_user_t)`
`99`	`105`	`userdom_exec_user_home_content_files(sepgsql_regtest_user_t)`
`100`	`106`	`userdom_write_user_tmp_sockets(sepgsql_regtest_user_t)`
	`107`	`+`
	`108`	`+auth_read_passwd(sepgsql_regtest_user_t)`
	`109`	`+`
`101`	`110`	optional_policy(`
`102`	`111`	`postgresql_role(sepgsql_regtest_user_r, sepgsql_regtest_user_t)`
`103`	`112`	`postgresql_stream_connect(sepgsql_regtest_user_t)`
`@@ -126,6 +135,8 @@ userdom_manage_home_role(sepgsql_regtest_pool_r, sepgsql_regtest_pool_t)`
`126`	`135`	`userdom_exec_user_home_content_files(sepgsql_regtest_pool_t)`
`127`	`136`	`userdom_write_user_tmp_sockets(sepgsql_regtest_pool_t)`
`128`	`137`
	`138`	`+auth_read_passwd(sepgsql_regtest_pool_t)`
	`139`	`+`
`129`	`140`	`type sepgsql_regtest_foo_t;`
`130`	`141`	`type sepgsql_regtest_var_t;`
`131`	`142`	`type sepgsql_regtest_foo_table_t;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5c3d472

File tree

1 file changed

1 file changed

`‎contrib/sepgsql/sepgsql-regtest.te`

0 commit comments