rpms/sepostgresql/devel sepostgresql.init, 1.6, 1.7 sepostgresql.spec, 1.6, 1.7 sepostgresql.te, 1.6, 1.7
KaiGai Kohei (kaigai)
fedora-extras-commits at redhat.com
Tue Nov 20 16:19:08 UTC 2007
Author: kaigai
Update of /cvs/pkgs/rpms/sepostgresql/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21522
Modified Files:
sepostgresql.init sepostgresql.spec sepostgresql.te
Log Message:
Add a security policy hotfix for labeled networking.
It enables client domains to communicate with SE-PostgreSQL.
Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.init,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sepostgresql.init 1 Nov 2007 14:00:32 -0000 1.6
+++ sepostgresql.init 20 Nov 2007 16:18:34 -0000 1.7
@@ -9,7 +9,7 @@
PGVERSION="8.2.5"
PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9]*\).*$/\1/'`
-SEPGVERSION="1.51"
+SEPGVERSION="1.66"
# source function library
. /etc/rc.d/init.d/functions
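Review bot: SEPGVERSION on the changed line is a hand-edited literal that has to stay in step with the Release tag in sepostgresql.spec and the policy_module version in sepostgresql.te, all three of which move from 1.51 to 1.66 in this commit. Consider substituting it from the spec at build time so that a future bump cannot leave the init script carrying a stale version.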
Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.spec,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sepostgresql.spec 1 Nov 2007 14:00:32 -0000 1.6
+++ sepostgresql.spec 20 Nov 2007 16:18:34 -0000 1.7
@@ -13,7 +13,7 @@
Summary: Security Enhanced PostgreSQL
Name: sepostgresql
Version: 8.2.5
-Release: 1.51%{?sepgsql_extension}%{?dist}
+Release: 1.66%{?sepgsql_extension}%{?dist}
License: BSD
Group: Applications/Databases
Url: http://code.google.com/p/sepgsql/
@@ -208,6 +208,9 @@
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
%changelog
+* Wed Nov 21 2007 <kaigai at kaigai.gr.jp> - 8.2.5-1.66
+- Add a policy module hotfix for labeled networking
+
* Thu Nov 1 2007 <kaigai at kaigai.gr.jp> - 8.2.5-1.51
- Re-organize repository to prepare to branch 8.3.x based tree.
(no differences from 8.2.5-1.33)
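Review bot: the new %changelog entry describes the change only as a policy module hotfix, while the sepostgresql.te hunk in this same commit also adds association rules for unconfined_domain_type, unlabeled_t and racoon_t. Those rules reach beyond the SE-PostgreSQL domains, so the entry should name them for administrators who read the changelog before updating.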
Index: sepostgresql.te
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.te,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- sepostgresql.te 1 Nov 2007 14:00:32 -0000 1.6
+++ sepostgresql.te 20 Nov 2007 16:18:34 -0000 1.7
@@ -1,4 +1,4 @@
-policy_module(sepostgresql, 1.51)
+policy_module(sepostgresql, 1.66)
gen_require(`
all_userspace_class_perms
@@ -281,3 +281,30 @@
tunable_policy(`! sepgsql_enable_audittuple || ! sepgsql_enable_auditdeny',`
dontaudit domain sepgsql_table_type : db_tuple all_db_tuple_perms;
')
+
+########################################
+#
+# Hotfixes for labeled networking
+#
+# NOTE: These changes are to be merged in the later releases.
+optional_policy(`
+ gen_require(`
+ attribute sepgsql_server_type;
+ attribute sepgsql_users_domain;
+ attribute unconfined_domain_type;
+ type unlabeled_t;
+ type ipsec_spd_t;
+ type racoon_t;
+ ')
+ # allow unconfined_t to set default SPD context
+ allow unconfined_domain_type ipsec_spd_t : association { setcontext };
+ # allow server/client domain to communicate via default SPD context
+ allow { sepgsql_server_type sepgsql_users_domain } ipsec_spd_t : association { polmatch };
+ allow { sepgsql_server_type sepgsql_users_domain } self : association { sendto };
+ allow sepgsql_server_type sepgsql_users_domain : { association tcp_socket } recvfrom;
+ allow sepgsql_users_domain sepgsql_server_type : { association tcp_socket } recvfrom;
+ # racoon_t/unlabeled_t related
+ allow unlabeled_t self : association { sendto };
+ allow unlabeled_t ipsec_spd_t : association { polmatch };
+ allow racoon_t unlabeled_t : association { setcontext };
+')
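Review bot: the gen_require at the top of the new optional_policy block lists racoon_t, unlabeled_t and ipsec_spd_t together with the sepgsql attributes, so if any one of those symbols is missing from the loaded policy the whole block is disabled, including the server/client rules that never mention racoon_t. Consider splitting it into two optional_policy blocks, one for the sepgsql_server_type / sepgsql_users_domain rules and one for the racoon_t/unlabeled_t rules, each requiring only the symbols it uses. Separately, `allow unlabeled_t self : association { sendto };`, `allow unlabeled_t ipsec_spd_t : association { polmatch };` and `allow unconfined_domain_type ipsec_spd_t : association { setcontext };` are not scoped to SE-PostgreSQL: they apply to all unlabeled traffic and every unconfined domain on the host. The NOTE comment says these changes are to be merged in later releases; naming the policy they are expected to land in would tell whoever removes the hotfix when it is safe to do so.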