* [refpolicy] services_postgresql.patch
@ 2010-08-26 22:08 Daniel J Walsh
2010-09-15 13:21 ` Christopher J. PeBenito
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2010-08-26 22:08 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_postgresql.patch
tmpfs /var/run
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkx25c4ACgkQrlYvE4MpobMoWQCgx5aLh11grYNSWT+aPiCgzKf4
Yd4An1P2nIOwxsDelyPTYzROhvx+Q2mb
=AI32
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
2010-08-26 22:08 [refpolicy] services_postgresql.patch Daniel J Walsh
@ 2010-09-15 13:21 ` Christopher J. PeBenito
0 siblings, 0 replies; 10+ messages in thread
From: Christopher J. PeBenito @ 2010-09-15 13:21 UTC (permalink / raw)
To: refpolicy
On 08/26/10 18:08, Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F14/services_postgresql.patch
>
>
> tmpfs /var/run
Merged.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
@ 2010-02-23 20:38 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2010-02-23 20:38 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F13/services_postgresql.patch
File context for /etc/sysconfig/pgsql and other bugs.
Sends audit messages connect to posgresql_server port
Reads its own process info
+ postgresql_signal(rgmanager_t)
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
@ 2009-11-12 21:51 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2009-11-12 21:51 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F12/services_postgresql.patch
New config dir, label for init script
connect to postgreql ports, uses pam sends audit messages.
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
2009-05-22 18:17 ` Daniel J Walsh
@ 2009-05-23 11:44 ` KaiGai Kohei
0 siblings, 0 replies; 10+ messages in thread
From: KaiGai Kohei @ 2009-05-23 11:44 UTC (permalink / raw)
To: refpolicy
Daniel J Walsh wrote:
> On 05/22/2009 10:51 AM, KaiGai Kohei wrote:
>> Daniel J Walsh wrote:
>>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
>>>
>>>
>>>
>>> Add _admin interface
>>> Type for init script,
>>>
>>> And I believe a couple of transtions to be to proc_t not proc_exec_t
>>
>> In the latest refpolicy, sepgsql_proc_t is an alias of
>> sepgsql_proc_exec_t.
>> Other procedure types also have xxxx_sepgsql_proc_exec_t, so it should
>> follow the convension.
>>
>> Thanks,
>
> ok. Did not make much sense to me, you are creating executables?
Yes, db_procedure class objects are executable stuff.
We assume xxxx_proc_exec_t types are assigned to SQL procedures.
SQL procedures are invoked and executed as a part of SQL query,
and some of them (with sepgsql_trusted_proc_exec_t) can causes
domain transition during execution of the procedure.
It is an analogy of executable programs in database.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
2009-05-22 14:51 ` KaiGai Kohei
@ 2009-05-22 18:17 ` Daniel J Walsh
2009-05-23 11:44 ` KaiGai Kohei
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-05-22 18:17 UTC (permalink / raw)
To: refpolicy
On 05/22/2009 10:51 AM, KaiGai Kohei wrote:
> Daniel J Walsh wrote:
>> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
>>
>>
>> Add _admin interface
>> Type for init script,
>>
>> And I believe a couple of transtions to be to proc_t not proc_exec_t
>
> In the latest refpolicy, sepgsql_proc_t is an alias of sepgsql_proc_exec_t.
> Other procedure types also have xxxx_sepgsql_proc_exec_t, so it should
> follow the convension.
>
> Thanks,
ok. Did not make much sense to me, you are creating executables?
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
2009-05-22 14:33 Daniel J Walsh
@ 2009-05-22 14:51 ` KaiGai Kohei
2009-05-22 18:17 ` Daniel J Walsh
0 siblings, 1 reply; 10+ messages in thread
From: KaiGai Kohei @ 2009-05-22 14:51 UTC (permalink / raw)
To: refpolicy
Daniel J Walsh wrote:
> http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
>
> Add _admin interface
> Type for init script,
>
> And I believe a couple of transtions to be to proc_t not proc_exec_t
In the latest refpolicy, sepgsql_proc_t is an alias of sepgsql_proc_exec_t.
Other procedure types also have xxxx_sepgsql_proc_exec_t, so it should
follow the convension.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
@ 2009-05-22 14:33 Daniel J Walsh
2009-05-22 14:51 ` KaiGai Kohei
0 siblings, 1 reply; 10+ messages in thread
From: Daniel J Walsh @ 2009-05-22 14:33 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
Add _admin interface
Type for init script,
And I believe a couple of transtions to be to proc_t not proc_exec_t
Added a transition on creation of sock_file
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
@ 2009-03-24 13:53 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2009-03-24 13:53 UTC (permalink / raw)
To: refpolicy
http://people.fedoraproject.org/~dwalsh/SELinux/F11/services_postgresql.patch
New interfaces for postgresql
fixes for sepostgresql
^ permalink raw reply [flat|nested] 10+ messages in thread
* [refpolicy] services_postgresql.patch
@ 2008-09-24 20:11 Daniel J Walsh
0 siblings, 0 replies; 10+ messages in thread
From: Daniel J Walsh @ 2008-09-24 20:11 UTC (permalink / raw)
To: refpolicy
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://people.fedoraproject.org/~dwalsh/SELinux/F10/services_postgresql.patch
Add initrc script support
allow admin to start/stop service
Admin needs admin_pattern on all file types
New path to log files
Creates a sock_file in /var/run
fixes for sepostgresql
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkjanvAACgkQrlYvE4MpobMBvwCg2StOamKykAQSqgHsdgCyZpUL
8pYAn23x3k/LNjrhxfxMyy0CQSjdrRG+
=nA80
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2010-09-15 13:21 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-08-26 22:08 [refpolicy] services_postgresql.patch Daniel J Walsh
2010-09-15 13:21 ` Christopher J. PeBenito
-- strict thread matches above, loose matches on Subject: below --
2010-02-23 20:38 Daniel J Walsh
2009-11-12 21:51 Daniel J Walsh
2009-05-22 14:33 Daniel J Walsh
2009-05-22 14:51 ` KaiGai Kohei
2009-05-22 18:17 ` Daniel J Walsh
2009-05-23 11:44 ` KaiGai Kohei
2009-03-24 13:53 Daniel J Walsh
2008-09-24 20:11 Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.