Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
[v9.2] "database" object class of contrib/sepgsql
The attached patch is a portion that we splitted off when we added pg_shseclabel system catalog. It enables the control/sepgsql to assign security label on pg_database objects that are utilized as a basis to compute a default security label of schema object. Currently, we have an ugly assumption that all the pg_database entries are labeled as "system_u:object_r:sepgsql_db_t:s0", and default security label of schema is computed based on this assumption. See, sepgsql_schema_post_create() in sepgsql/schema.c It also enables initial labeling at sepgsql_restorecon() and permission checks on relabeling, however, nothing are checked any more. Thanks, -- KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
Attachment: pgsql-v9.2-sepgsql-database.v1.patch
Description: application/octet-stream (8.0 KB)
Description: application/octet-stream (8.0 KB)
Responses
- Re: [v9.2] "database" object class of contrib/sepgsql at 2011-09-23 21:11:39 from Robert Haas
pgsql-hackers by date
Next: From: Stephen Frost Date: 2011-09-12 09:55:42 Subject: Re: superusers are members of all roles? Previous: From: Andrew Dunstan Date: 2011-09-12 09:26:07 Subject: Re: psql additions