| From: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
|---|---|
| To: | PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [v9.2] "database" object class of contrib/sepgsql |
| Date: | 2011-09-12 09:45:04 |
| Message-ID: | CADyhKSUOGAPMxrCkphbbP6G_AAgGjqV89pwZ5i52cnh6=TO6jQ@mail.gmail.com |
| Lists: | pgsql-hackers |

The attached patch is a portion that we split off when we added
the pg_shseclabel system catalog.

It enables contrib/sepgsql to assign a security label on pg_database
objects, which are utilized as a basis to compute a default security
label of a schema object.

Currently, we have an ugly assumption that all the pg_database entries
are labeled as "system_u:object_r:sepgsql_db_t:s0", and the default
security label of a schema is computed based on this assumption. See
sepgsql_schema_post_create() in sepgsql/schema.c.

It also enables initial labeling at sepgsql_restorecon() and
permission checks on relabeling; however, nothing is checked any
more.

Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
| Attachment | Content-Type | Size |
|---|---|---|
| pgsql-v9.2-sepgsql-database.v1.patch | application/octet-stream | 8.0 KB |