[refpolicy] [PATCH 2/2] Also apply the new postgres labeling scheme on Debian

Luis Ressel aranea at aixah.de
Tue Aug 12 08:35:58 EDT 2014


I'm sure this is the right thing to do; however, the Debian developers
might want to have a say in this, so I made a separate patch.
---
 policy/modules/services/postgresql.fc | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/policy/modules/services/postgresql.fc b/policy/modules/services/postgresql.fc
index 78a7464..d3bc4bb 100644
--- a/policy/modules/services/postgresql.fc
+++ b/policy/modules/services/postgresql.fc
@@ -16,20 +16,16 @@
 /usr/lib/pgsql/test/regress(/.*)?	gen_context(system_u:object_r:postgresql_db_t,s0)
 /usr/lib/pgsql/test/regress/pg_regress -- gen_context(system_u:object_r:postgresql_exec_t,s0)
 
-/usr/lib/postgresql(-.*)?/bin/pg_archivecleanup	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/pg_basebackup	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/pg_controldata	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/pg_ctl		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/pg_resetxlog	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/pg_standby	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/pg_upgrade	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/pg_xlogdump	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/postgres		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-/usr/lib/postgresql(-.*)?/bin/postmaster	-l	gen_context(system_u:object_r:postgresql_exec_t,s0)
-
-ifdef(`distro_debian', `
-/usr/lib/postgresql/.*/bin/.*	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
-')
+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_archivecleanup	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_basebackup	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_controldata	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_ctl		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_resetxlog	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_standby		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_upgrade		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/pg_xlogdump		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/postgres		--	gen_context(system_u:object_r:postgresql_exec_t,s0)
+/usr/lib/postgresql(-.*)?/(.*/)?bin/postmaster		-l	gen_context(system_u:object_r:postgresql_exec_t,s0)
 
 ifdef(`distro_redhat', `
 /usr/share/jonas/pgsql(/.*)?		gen_context(system_u:object_r:postgresql_db_t,s0)
-- 
2.0.4



More information about the refpolicy mailing list