Changeset 2713
- Timestamp:
- 06/10/08 10:33:18 (6 months ago)
- Files:
-
- trunk/Changelog (modified) (1 diff)
- trunk/policy/modules/kernel/kernel.if (modified) (1 diff)
- trunk/policy/modules/kernel/kernel.te (modified) (1 diff)
- trunk/policy/modules/services/apache.if (modified) (1 diff)
- trunk/policy/modules/services/apache.te (modified) (2 diffs)
- trunk/policy/modules/services/postgresql.fc (modified) (2 diffs)
- trunk/policy/modules/services/postgresql.if (modified) (2 diffs)
- trunk/policy/modules/services/postgresql.te (modified) (7 diffs)
- trunk/policy/modules/system/init.fc (modified) (1 diff)
- trunk/policy/modules/system/init.te (modified) (1 diff)
- trunk/policy/modules/system/libraries.te (modified) (2 diffs)
- trunk/policy/modules/system/unconfined.if (modified) (1 diff)
- trunk/policy/modules/system/unconfined.te (modified) (1 diff)
- trunk/policy/modules/system/userdomain.if (modified) (2 diffs)
- trunk/policy/modules/system/userdomain.te (modified) (1 diff)
trunk/Changelog
r2711 r2713 1 - SE-Postgresql policy from KaiGai Kohei. 1 2 - Patch for X.org dbus support from Martin Orr. 2 3 - Patch for labeled networking controls in 2.6.25 from Paul Moore. trunk/policy/modules/kernel/kernel.if
r2701 r2713 2554 2554 ######################################## 2555 2555 ## <summary> 2556 ## Relabel from unlabeled database objects. 2557 ## </summary> 2558 ## <param name="domain"> 2559 ## <summary> 2560 ## Domain allowed access. 2561 ## </summary> 2562 ## </param> 2563 # 2564 interface(`kernel_relabelfrom_unlabeled_database',` 2565 gen_require(` 2566 type unlabeled_t; 2567 class db_database { setattr relabelfrom }; 2568 class db_table { setattr relabelfrom }; 2569 class db_procedure { setattr relabelfrom }; 2570 class db_column { setattr relabelfrom }; 2571 class db_tuple { update relabelfrom }; 2572 class db_blob { setattr relabelfrom }; 2573 ') 2574 2575 allow $1 unlabeled_t:db_database { setattr relabelfrom }; 2576 allow $1 unlabeled_t:db_table { setattr relabelfrom }; 2577 allow $1 unlabeled_t:db_procedure { setattr relabelfrom }; 2578 allow $1 unlabeled_t:db_column { setattr relabelfrom }; 2579 allow $1 unlabeled_t:db_tuple { update relabelfrom }; 2580 allow $1 unlabeled_t:db_blob { setattr relabelfrom }; 2581 ') 2582 2583 ######################################## 2584 ## <summary> 2556 2585 ## Unconfined access to kernel module resources. 2557 2586 ## </summary> trunk/policy/modules/kernel/kernel.te
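Review bot: The doc block for `kernel_relabelfrom_unlabeled_database` says only "Relabel from unlabeled database objects", while the rules also grant `setattr` on five classes and `update` on `db_tuple`. Someone auditing callers of this interface would want that stated, e.g. `## Relabel from unlabeled database objects (also grants setattr, or update for db_tuple).` A one-line comment above the `db_tuple` rule saying why it uses `update` where the other classes use `setattr` would keep the next reviewer from reading it as a typo.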
r2712 r2713 1 1 2 policy_module(kernel,1.9. 4)2 policy_module(kernel,1.9.5) 3 3 4 4 ######################################## trunk/policy/modules/services/apache.if
r2466 r2713 227 227 228 228 optional_policy(` 229 postgresql_unpriv_client(httpd_$1_script_t) 230 ') 231 232 optional_policy(` 229 233 nscd_socket_use(httpd_$1_script_t) 230 234 ') trunk/policy/modules/services/apache.te
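Review bot: `postgresql_unpriv_client(httpd_$1_script_t)` makes every script domain generated by this template an SE-PostgreSQL client with no boolean in front of it, and apache.te in this changeset does the same for `httpd_t` just above the `httpd_can_network_connect_db` tunable. Per postgresql.te in the same changeset, every `sepgsql_client_type` gets update/insert/delete on `sepgsql_table_t`, plus create/drop and writes to `sepgsql_sysobj_t` tuples while `sepgsql_enable_users_ddl` is on, and that tunable is declared with default `true`. The interface assigns a type attribute, so it cannot simply be moved inside `tunable_policy`; a comment such as `# web scripts become SE-PostgreSQL clients; DDL rights follow sepgsql_enable_users_ddl` would at least make the exposure visible at the call site. The enclosing template starts and ends outside the hunk.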
r2668 r2713 1 1 2 policy_module(apache,1.9. 1)2 policy_module(apache,1.9.2) 3 3 4 4 # … … 476 476 # Allow httpd to work with postgresql 477 477 postgresql_stream_connect(httpd_t) 478 postgresql_unpriv_client(httpd_t) 478 479 479 480 tunable_policy(`httpd_can_network_connect_db',` trunk/policy/modules/services/postgresql.fc
r1926 r2713 7 7 # /usr 8 8 # 9 /usr/bin/initdb -- gen_context(system_u:object_r:postgresql_exec_t,s0)10 /usr/bin/ postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0)9 /usr/bin/initdb(\.sepgsql)? -- gen_context(system_u:object_r:postgresql_exec_t,s0) 10 /usr/bin/(se)?postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0) 11 11 12 12 /usr/lib/pgsql/test/regres(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) … … 31 31 /var/lib/pgsql/pgstartup\.log gen_context(system_u:object_r:postgresql_log_t,s0) 32 32 33 /var/lib/sepgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0) 34 /var/lib/sepgsql/pgstartup\.log -- gen_context(system_u:object_r:postgresql_log_t,s0) 35 33 36 /var/log/postgres\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0) 34 37 /var/log/postgresql(/.*)? gen_context(system_u:object_r:postgresql_log_t,s0) 38 /var/log/sepostgresql\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0) 35 39 36 40 ifdef(`distro_redhat', ` trunk/policy/modules/services/postgresql.if
r2531 r2713 1 1 ## <summary>PostgreSQL relational database</summary> 2 3 ####################################### 4 ## <summary> 5 ## The userdomain template for the SE-PostgreSQL. 6 ## </summary> 7 ## <desc> 8 ## This template creates a delivered types which are used 9 ## for given userdomains. 10 ## </desc> 11 ## <param name="userdomain_prefix"> 12 ## <summary> 13 ## The prefix of the user domain (e.g., user 14 ## is the prefix for user_t). 15 ## </summary> 16 ## </param> 17 ## <param name="user_domain"> 18 ## <summary> 19 ## The type of the user domain. 20 ## </summary> 21 ## </param> 22 ## <param name="user_role"> 23 ## <summary> 24 ## The role associated with the user domain. 25 ## </summary> 26 ## </param> 27 # 28 template(`postgresql_userdom_template',` 29 gen_require(` 30 class db_database all_db_database_perms; 31 class db_table all_db_table_perms; 32 class db_procedure all_db_procedure_perms; 33 class db_column all_db_column_perms; 34 class db_tuple all_db_tuple_perms; 35 class db_blob all_db_blob_perms; 36 37 attribute sepgsql_client_type, sepgsql_database_type; 38 attribute sepgsql_sysobj_table_type; 39 40 type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t; 41 ') 42 43 ######################################## 44 # 45 # Declarations 46 # 47 48 typeattribute $2 sepgsql_client_type; 49 50 type $1_sepgsql_blob_t; 51 postgresql_blob_object($1_sepgsql_blob_t) 52 53 type $1_sepgsql_proc_t; 54 postgresql_procedure_object($1_sepgsql_proc_t) 55 56 type $1_sepgsql_sysobj_t; 57 postgresql_system_table_object($1_sepgsql_sysobj_t) 58 59 type $1_sepgsql_table_t; 60 postgresql_table_object($1_sepgsql_table_t) 61 62 role $3 types sepgsql_trusted_domain_t; 63 64 ############################## 65 # 66 # Client local policy 67 # 68 69 tunable_policy(`sepgsql_enable_users_ddl',` 70 allow $2 $1_sepgsql_table_t : db_table { create drop }; 71 type_transition $2 sepgsql_database_type:db_table $1_sepgsql_table_t; 72 73 allow $2 $1_sepgsql_table_t : db_column { create drop }; 
74 75 allow $2 $1_sepgsql_sysobj_t : db_tuple { update insert delete }; 76 type_transition $2 sepgsql_sysobj_table_type:db_tuple $1_sepgsql_sysobj_t; 77 ') 78 79 allow $2 $1_sepgsql_table_t : db_table { getattr setattr use select update insert delete }; 80 allow $2 $1_sepgsql_table_t : db_column { getattr setattr use select update insert }; 81 allow $2 $1_sepgsql_table_t : db_tuple { use select update insert delete }; 82 allow $2 $1_sepgsql_sysobj_t : db_tuple { use select }; 83 84 allow $2 $1_sepgsql_proc_t : db_procedure { create drop getattr setattr execute }; 85 type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_t; 86 87 allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write }; 88 type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t; 89 90 allow $2 sepgsql_trusted_domain_t:process transition; 91 type_transition $2 sepgsql_trusted_proc_t:process sepgsql_trusted_domain_t; 92 ') 93 94 ######################################## 95 ## <summary> 96 ## Marks as a SE-PostgreSQL loadable shared library module 97 ## </summary> 98 ## <param name="type"> 99 ## <summary> 100 ## Type marked as a database object type. 101 ## </summary> 102 ## </param> 103 # 104 interface(`postgresql_loadable_module',` 105 gen_require(` 106 attribute sepgsql_module_type; 107 ') 108 109 typeattribute $1 sepgsql_module_type; 110 ') 111 112 ######################################## 113 ## <summary> 114 ## Marks as a SE-PostgreSQL database object type 115 ## </summary> 116 ## <param name="type"> 117 ## <summary> 118 ## Type marked as a database object type. 
119 ## </summary> 120 ## </param> 121 # 122 interface(`postgresql_database_object',` 123 gen_require(` 124 attribute sepgsql_database_type; 125 ') 126 127 typeattribute $1 sepgsql_database_type; 128 ') 129 130 ######################################## 131 ## <summary> 132 ## Marks as a SE-PostgreSQL table/column/tuple object type 133 ## </summary> 134 ## <param name="type"> 135 ## <summary> 136 ## Type marked as a table/column/tuple object type. 137 ## </summary> 138 ## </param> 139 # 140 interface(`postgresql_table_object',` 141 gen_require(` 142 attribute sepgsql_table_type; 143 ') 144 145 typeattribute $1 sepgsql_table_type; 146 ') 147 148 ######################################## 149 ## <summary> 150 ## Marks as a SE-PostgreSQL system table/column/tuple object type 151 ## </summary> 152 ## <param name="type"> 153 ## <summary> 154 ## Type marked as a table/column/tuple object type. 155 ## </summary> 156 ## </param> 157 # 158 interface(`postgresql_system_table_object',` 159 gen_require(` 160 attribute sepgsql_table_type; 161 attribute sepgsql_sysobj_table_type; 162 ') 163 164 typeattribute $1 sepgsql_table_type; 165 typeattribute $1 sepgsql_sysobj_table_type; 166 ') 167 168 ######################################## 169 ## <summary> 170 ## Marks as a SE-PostgreSQL procedure object type 171 ## </summary> 172 ## <param name="type"> 173 ## <summary> 174 ## Type marked as a database object type. 175 ## </summary> 176 ## </param> 177 # 178 interface(`postgresql_procedure_object',` 179 gen_require(` 180 attribute sepgsql_procedure_type; 181 ') 182 183 typeattribute $1 sepgsql_procedure_type; 184 ') 185 186 ######################################## 187 ## <summary> 188 ## Marks as a SE-PostgreSQL binary large object type 189 ## </summary> 190 ## <param name="type"> 191 ## <summary> 192 ## Type marked as a database binary large object type. 
193 ## </summary> 194 ## </param> 195 # 196 interface(`postgresql_blob_object',` 197 gen_require(` 198 attribute sepgsql_blob_type; 199 ') 200 201 typeattribute $1 sepgsql_blob_type; 202 ') 2 203 3 204 ######################################## … … 121 322 allow $1 postgresql_tmp_t:sock_file write; 122 323 ') 324 325 ######################################## 326 ## <summary> 327 ## Allow the specified domain unprivileged accesses to unifined database objects 328 ## managed by SE-PostgreSQL, 329 ## </summary> 330 ## <param name="domain"> 331 ## <summary> 332 ## Domain allowed access. 333 ## </summary> 334 ## </param> 335 # 336 interface(`postgresql_unpriv_client',` 337 gen_require(` 338 class db_table all_db_table_perms; 339 class db_procedure all_db_procedure_perms; 340 class db_blob all_db_blob_perms; 341 342 attribute sepgsql_client_type; 343 attribute sepgsql_database_type; 344 345 type sepgsql_table_t, sepgsql_proc_t, sepgsql_blob_t; 346 347 type sepgsql_trusted_proc_t, sepgsql_trusted_domain_t; 348 ') 349 350 typeattribute $1 sepgsql_client_type; 351 352 type_transition $1 sepgsql_database_type:db_table sepgsql_table_t; 353 type_transition $1 sepgsql_database_type:db_procedure sepgsql_proc_t; 354 type_transition $1 sepgsql_database_type:db_blob sepgsql_blob_t; 355 356 type_transition $1 sepgsql_trusted_proc_t:process sepgsql_trusted_domain_t; 357 allow $1 sepgsql_trusted_domain_t:process transition; 358 ') 359 360 ######################################## 361 ## <summary> 362 ## Allow the specified domain unconfined accesses to any database objects 363 ## managed by SE-PostgreSQL, 364 ## </summary> 365 ## <param name="domain"> 366 ## <summary> 367 ## Domain allowed access. 368 ## </summary> 369 ## </param> 370 # 371 interface(`postgresql_unconfined',` 372 gen_require(` 373 attribute sepgsql_unconfined_type; 374 ') 375 376 typeattribute $1 sepgsql_unconfined_type; 377 ') trunk/policy/modules/services/postgresql.te
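Review bot: The summary of `postgresql_unpriv_client` ("unprivileged accesses to unifined database objects") does not tell a caller what the interface grants, and its body contains no `allow` on database objects at all: it assigns `sepgsql_client_type`, sets default labels, and permits the process transition to `sepgsql_trusted_domain_t`. Since postgresql.te gives that domain `postgresql_unconfined`, the transition is the security-relevant part and should be named in the doc block, e.g. `## Make the domain an SE-PostgreSQL client; object access comes from the sepgsql_client_type rules, and trusted procedures run in sepgsql_trusted_domain_t.` The word "unifined" there and "a delivered types" in the description of `postgresql_userdom_template` look like typos (presumably "derived types" for the latter) and are worth fixing while the text is new.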
r2668 r2713 1 1 2 policy_module(postgresql,1.5.1) 2 policy_module(postgresql, 1.5.2) 3 4 gen_require(` 5 class db_database all_db_database_perms; 6 class db_table all_db_table_perms; 7 class db_procedure all_db_procedure_perms; 8 class db_column all_db_column_perms; 9 class db_tuple all_db_tuple_perms; 10 class db_blob all_db_blob_perms; 11 ') 3 12 4 13 ################################# … … 6 15 # Declarations 7 16 # 17 18 ## <desc> 19 ## <p> 20 ## Allow unprived users to execute DDL statement 21 ## </p> 22 ## </desc> 23 gen_tunable(sepgsql_enable_users_ddl, true) 24 8 25 type postgresql_t; 9 26 type postgresql_exec_t; … … 27 44 type postgresql_var_run_t; 28 45 files_pid_file(postgresql_var_run_t) 46 47 # database clients attribute 48 attribute sepgsql_client_type; 49 attribute sepgsql_unconfined_type; 50 51 # database objects attribute 52 attribute sepgsql_database_type; 53 attribute sepgsql_table_type; 54 attribute sepgsql_sysobj_table_type; 55 attribute sepgsql_procedure_type; 56 attribute sepgsql_blob_type; 57 attribute sepgsql_module_type; 58 59 # database object types 60 type sepgsql_blob_t; 61 postgresql_blob_object(sepgsql_blob_t) 62 63 type sepgsql_db_t; 64 postgresql_database_object(sepgsql_db_t) 65 66 type sepgsql_fixed_table_t; 67 postgresql_table_object(sepgsql_fixed_table_t) 68 69 type sepgsql_proc_t; 70 postgresql_procedure_object(sepgsql_proc_t) 71 72 type sepgsql_ro_blob_t; 73 postgresql_blob_object(sepgsql_ro_blob_t) 74 75 type sepgsql_ro_table_t; 76 postgresql_table_object(sepgsql_ro_table_t) 77 78 type sepgsql_secret_blob_t; 79 postgresql_blob_object(sepgsql_secret_blob_t) 80 81 type sepgsql_secret_table_t; 82 postgresql_table_object(sepgsql_secret_table_t) 83 84 type sepgsql_sysobj_t; 85 postgresql_system_table_object(sepgsql_sysobj_t) 86 87 type sepgsql_table_t; 88 postgresql_table_object(sepgsql_table_t) 89 90 type sepgsql_trusted_proc_t; 91 postgresql_procedure_object(sepgsql_trusted_proc_t) 92 93 # Trusted Procedure Domain 94 type 
sepgsql_trusted_domain_t; 95 domain_type(sepgsql_trusted_domain_t) 96 postgresql_unconfined(sepgsql_trusted_domain_t) 97 role system_r types sepgsql_trusted_domain_t; 29 98 30 99 ######################################## … … 43 112 allow postgresql_t self:unix_dgram_socket create_socket_perms; 44 113 allow postgresql_t self:unix_stream_socket create_stream_socket_perms; 114 allow postgresql_t self:netlink_selinux_socket create_socket_perms; 115 116 allow postgresql_t sepgsql_database_type:db_database *; 117 type_transition postgresql_t postgresql_t:db_database sepgsql_db_t; 118 119 allow postgresql_t sepgsql_module_type:db_database install_module; 120 # Database/Loadable module 121 allow sepgsql_database_type sepgsql_module_type:db_database load_module; 122 123 allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *; 124 type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t; 125 126 allow postgresql_t sepgsql_procedure_type:db_procedure *; 127 type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t; 128 129 allow postgresql_t sepgsql_blob_type:db_blob *; 130 type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t; 45 131 46 132 manage_dirs_pattern(postgresql_t,postgresql_db_t,postgresql_db_t) … … 102 188 fs_search_auto_mountpoints(postgresql_t) 103 189 190 selinux_get_enforce_mode(postgresql_t) 191 selinux_validate_context(postgresql_t) 192 selinux_compute_access_vector(postgresql_t) 193 selinux_compute_create_context(postgresql_t) 194 selinux_compute_relabel_context(postgresql_t) 195 104 196 term_use_controlling_term(postgresql_t) 105 197 … … 127 219 miscfiles_read_localization(postgresql_t) 128 220 129 seutil_ dontaudit_search_config(postgresql_t)221 seutil_libselinux_linked(postgresql_t) 130 222 131 223 userdom_dontaudit_use_unpriv_user_fds(postgresql_t) … … 168 260 udev_read_db(postgresql_t) 169 261 ') 262 263 ######################################## 264 # 265 # Rules common to all 
clients 266 # 267 268 allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param }; 269 type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t; 270 271 allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert }; 272 allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert }; 273 allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert }; 274 275 allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete }; 276 allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert }; 277 allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete }; 278 279 allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select }; 280 allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select }; 281 allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select }; 282 283 allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr; 284 allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr; 285 286 allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select }; 287 allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select }; 288 allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select }; 289 290 allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute }; 291 allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint }; 292 293 allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write }; 294 allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read }; 295 allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr; 296 297 # The purpose of the dontaudit rule in row-level access control is to prevent a flood of logs. 
298 # If a client tries to SELECT a table including violated tuples, these are filtered from 299 # the result set as if not exist, but its access denied longs can be recorded within log files. 300 # In generally, the number of tuples are much larger than the number of columns, tables and so on. 301 # So, it makes a flood of logs when many tuples are violated. 302 # 303 # The default policy does not prevent anything for sepgsql_client_type sepgsql_unconfined_type, 304 # so we don't need "dontaudit" rules in Type-Enforcement. However, MLS/MCS can prevent them 305 # to access classified tuples and can make a audit record. 306 # 307 # Therefore, the following rule is applied for any domains which can connect SE-PostgreSQL. 308 dontaudit { postgresql_t sepgsql_client_type sepgsql_unconfined_type } { sepgsql_table_type -sepgsql_sysobj_table_type }:db_tuple { use select update insert delete }; 309 310 tunable_policy(`sepgsql_enable_users_ddl',` 311 allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr }; 312 allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr }; 313 allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete }; 314 ') 315 316 ######################################## 317 # 318 # Unconfined access to this module 319 # 320 321 allow sepgsql_unconfined_type sepgsql_database_type:db_database *; 322 type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t; 323 324 type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t; 325 type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t; 326 type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t; 327 328 allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *; 329 330 # unconfined domain is not allowed to invoke user defined procedure directly. 331 # They have to confirm and relabel it at first. 
332 allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *; 333 allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto }; 334 335 allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *; 336 337 allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module; 338 339 kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type) trunk/policy/modules/system/init.fc
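Review bot: The `dontaudit` rule on `db_tuple` suppresses denials for `update insert delete` as well as `use select`, but the comment above it justifies the rule only by SELECT results being filtered row by row. With the write permissions included, a client that repeatedly tries to modify tuples it may not touch leaves no AVC record, which removes a signal that detection would normally rely on. If the log-flood concern applies only to reads, narrow the permission set to `{ use select }`; if writes are filtered per row as well, say so in the comment and state where denied writes are expected to be logged instead.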
r2441 r2713 39 39 # /usr 40 40 # 41 /usr/bin/sepg_ctl -- gen_context(system_u:object_r:initrc_exec_t,s0) 42 41 43 /usr/libexec/dcc/start-.* -- gen_context(system_u:object_r:initrc_exec_t,s0) 42 44 /usr/libexec/dcc/stop-.* -- gen_context(system_u:object_r:initrc_exec_t,s0) trunk/policy/modules/system/init.te
r2668 r2713 1 1 2 policy_module(init,1.10. 1)2 policy_module(init,1.10.2) 3 3 4 4 gen_require(` trunk/policy/modules/system/libraries.te
r2656 r2713 1 1 2 policy_module(libraries,2.1. 0)2 policy_module(libraries,2.1.1) 3 3 4 4 ######################################## … … 39 39 type textrel_shlib_t alias texrel_shlib_t; 40 40 files_type(textrel_shlib_t) 41 42 optional_policy(` 43 postgresql_loadable_module(lib_t) 44 postgresql_loadable_module(textrel_shlib_t) 45 ') 41 46 42 47 ######################################## trunk/policy/modules/system/unconfined.if
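Review bot: Marking `lib_t` and `textrel_shlib_t` as `sepgsql_module_type` means the `load_module` rule added in postgresql.te (`allow sepgsql_database_type sepgsql_module_type:db_database load_module`) is satisfied by any file carrying the generic library labels, not only by PostgreSQL extension modules. For whatever is labelled `lib_t`, the check then distinguishes very little. A comment such as `# all system libraries are loadable into a database until PostgreSQL modules get their own type` would record the trade-off; a dedicated file type for the server's module directory would be the tighter long-term option.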
r2655 r2713 89 89 90 90 optional_policy(` 91 postgresql_unconfined($1) 92 ') 93 94 optional_policy(` 91 95 seutil_create_bin_policy($1) 92 96 seutil_relabelto_bin_policy($1) trunk/policy/modules/system/unconfined.te
r2703 r2713 1 1 2 policy_module(unconfined, 2.2. 1)2 policy_module(unconfined, 2.2.2) 3 3 4 4 ######################################## trunk/policy/modules/system/userdomain.if
r2694 r2713 1198 1198 ') 1199 1199 1200 optional_policy(` 1201 postgresql_userdom_template($1,$1_t,$1_r) 1202 ') 1203 1200 1204 # Run pppd in pppd_t by default for user 1201 1205 optional_policy(` … … 1368 1372 1369 1373 optional_policy(` 1374 postgresql_unconfined($1_t) 1375 ') 1376 1377 optional_policy(` 1370 1378 userhelper_exec($1_t) 1371 1379 ') trunk/policy/modules/system/userdomain.te
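Review bot: Neither hunk shows which template its `optional_policy` block sits in, and the two calls give very different database rights: `postgresql_userdom_template($1,$1_t,$1_r)` creates per-user object types, while `postgresql_unconfined($1_t)` grants `*` on all database, table and blob types through `sepgsql_unconfined_type`. If the second block belongs to an administrative-user template, a comment such as `# administrative users are unconfined SE-PostgreSQL clients` would make that intent reviewable in place. It is also worth confirming that no single `$1_t` receives both calls, because each defines a `type_transition` on `sepgsql_database_type:db_procedure` with a different default type.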
r2668 r2713 1 1 2 policy_module(userdomain, 3.0. 1)2 policy_module(userdomain, 3.0.2) 3 3 4 4 ########################################
