[refpolicy] [PATCH 2/2] Also apply the new postgres labeling scheme on Debian

Andreas Florath andre at flonatel.org
Sat Aug 16 14:25:15 EDT 2014


Sorry - forgot the 'allow_user_postgresql_connect' bool.
When applying your patch and setting this bool to on, the user can connect (as expected):

-rwxr-xr-x. 1 root root system_u:object_r:bin_t:SystemLow               72288 Jul 24 13:57 createdb
-rwxr-xr-x. 1 root root system_u:object_r:bin_t:SystemLow              507128 Jul 24 13:57 psql

root at debselinux01:~# setsebool -P allow_user_postgresql_connect on
root at debselinux01:~# getsebool allow_user_postgresql_connect
allow_user_postgresql_connect --> on
root at debselinux01:~# logout
Connection to closed.
florath at pelias:~$ ssh -X dummy at
dummy at's password:
dummy at debselinux01:~$ id -Z
dummy at debselinux01:~$ createdb tst01
dummy at debselinux01:~$ psql tst01
psql (9.4beta2)
Type "help" for help.


Kind regards


More information about the refpolicy mailing list