[refpolicy] [PATCH 2/2] Also apply the new postgres labeling scheme on Debian

Andreas Florath andre at flonatel.org
Sat Aug 16 14:25:15 EDT 2014


Hello!

Sorry - forgot the 'allow_user_postgresql_connect' bool.
When applying your patch and setting this bool to on, the user can connect (as expected):

-rwxr-xr-x. 1 root root system_u:object_r:bin_t:SystemLow               72288 Jul 24 13:57 createdb
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:SystemLow              507128 Jul 24 13:57 psql

root at debselinux01:~# setsebool -P allow_user_postgresql_connect on
root at debselinux01:~# getsebool allow_user_postgresql_connect
allow_user_postgresql_connect --> on
root at debselinux01:~# logout
Connection to 192.168.122.22 closed.
florath at pelias:~$ ssh -X dummy at 192.168.122.22
dummy at 192.168.122.22's password:
dummy at debselinux01:~$ id -Z
user_u:user_r:user_t:SystemLow
dummy at debselinux01:~$ createdb tst01
dummy at debselinux01:~$ psql tst01
psql (9.4beta2)
Type "help" for help.

tst01=>

Kind regards

Andre



More information about the refpolicy mailing list