
[v9.2] "database" object class of contrib/sepgsql

From: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
To: PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: [v9.2] "database" object class of contrib/sepgsql
Date: 2011-09-12 09:45:04
Message-ID: CADyhKSUOGAPMxrCkphbbP6G_AAgGjqV89pwZ5i52cnh6=TO6jQ@mail.gmail.com
Lists: pgsql-hackers

The attached patch is a portion that we split off when we added
the pg_shseclabel system catalog.

It enables contrib/sepgsql to assign security labels on pg_database
objects, which are used as the basis to compute the default security
label of schema objects.
Currently, we have an ugly assumption that all the pg_database entries
are labeled as "system_u:object_r:sepgsql_db_t:s0", and the default
security label of a schema is computed based on this assumption. See
sepgsql_schema_post_create() in sepgsql/schema.c.

It also enables initial labeling at sepgsql_restorecon() and
permission checks on relabeling; however, nothing is checked any
more.

Thanks,
-- 
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

Attachment: pgsql-v9.2-sepgsql-database.v1.patch
Description: application/octet-stream (8.0 KB)
