rpms/sepostgresql/devel sepostgresql-8.2.4-0.434.patch, NONE, 1.1 sepostgresql-fedora-prefix.patch, NONE, 1.1 sepostgresql.8, NONE, 1.1 sepostgresql.fc, NONE, 1.1 sepostgresql.if, NONE, 1.1 sepostgresql.init, NONE, 1.1 sepostgresql.spec, NONE, 1.1 sepostgresql.te, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2
KaiGai Kohei (kaigai)
fedora-extras-commits at redhat.com
Sat Sep 1 13:08:04 UTC 2007
Author: kaigai
Update of /cvs/pkgs/rpms/sepostgresql/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv29424/devel
Modified Files:
.cvsignore sources
Added Files:
sepostgresql-8.2.4-0.434.patch
sepostgresql-fedora-prefix.patch sepostgresql.8
sepostgresql.fc sepostgresql.if sepostgresql.init
sepostgresql.spec sepostgresql.te
Log Message:
import sepostgresql-8.2.4-0.434 as the initial version in Fedora rawhide
sepostgresql-8.2.4-0.434.patch:
--- NEW FILE sepostgresql-8.2.4-0.434.patch ---
diff -rpNU3 postgresql-8.2.4/configure.in sepostgresql-8.2.4/configure.in
--- postgresql-8.2.4/configure.in 2007-04-20 12:20:42.000000000 +0900
+++ sepostgresql-8.2.4/configure.in 2007-04-29 13:49:53.000000000 +0900
@@ -539,6 +539,19 @@ PGAC_ARG_BOOL(with, zlib, yes,
AC_SUBST(with_zlib)
#
+# NSA SELinux support
+#
+PGAC_ARG_BOOL(enable, selinux, no,
+ [ --enable-selinux build with NSA SELinux support])
+if test "$enable_selinux" = yes; then
+ AC_CHECK_LIB(selinux, getpeercon,
+ AC_DEFINE(SECURITY_SYSATTR_NAME, "security_context")
+ AC_DEFINE_UNQUOTED(HAVE_SELINUX, 1)
+ AC_SUBST(enable_selinux),
+ AC_MSG_ERROR("libselinux didn't found."))
+fi
+
+#
# Elf
#
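Review bot: The `AC_CHECK_LIB(selinux, getpeercon, ...)` probe only proves that the library links; nothing in this hunk checks that `selinux/selinux.h` is usable, so a host with the runtime library but no development headers passes configure and fails later in the backend build. Adding `AC_CHECK_HEADER(selinux/selinux.h, [], [AC_MSG_ERROR([selinux/selinux.h not found])])` inside the `if` would fail early. The failure text should read `AC_MSG_ERROR([libselinux was not found])`. Both `AC_DEFINE` calls omit the description argument that autoheader uses, so the config header template presumably has to be kept in sync by hand.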
Binary files postgresql-8.2.4/doc/postgres.tar.gz and sepostgresql-8.2.4/doc/postgres.tar.gz differ
diff -rpNU3 postgresql-8.2.4/src/Makefile.global.in sepostgresql-8.2.4/src/Makefile.global.in
--- postgresql-8.2.4/src/Makefile.global.in 2006-10-09 02:15:33.000000000 +0900
+++ sepostgresql-8.2.4/src/Makefile.global.in 2007-08-28 09:33:36.000000000 +0900
@@ -159,6 +159,7 @@ enable_nls = @enable_nls@
enable_debug = @enable_debug@
enable_dtrace = @enable_dtrace@
enable_thread_safety = @enable_thread_safety@
+enable_selinux = @enable_selinux@
python_includespec = @python_includespec@
python_libdir = @python_libdir@
diff -rpNU3 postgresql-8.2.4/src/backend/Makefile sepostgresql-8.2.4/src/backend/Makefile
--- postgresql-8.2.4/src/backend/Makefile 2006-10-09 02:15:33.000000000 +0900
+++ sepostgresql-8.2.4/src/backend/Makefile 2007-02-13 03:22:30.000000000 +0900
@@ -15,7 +15,7 @@ include $(top_builddir)/src/Makefile.glo
DIRS := access bootstrap catalog parser commands executor lib libpq \
main nodes optimizer port postmaster regex rewrite \
- storage tcop utils $(top_builddir)/src/timezone
+ security storage tcop utils $(top_builddir)/src/timezone
SUBSYSOBJS := $(DIRS:%=%/SUBSYS.o)
@@ -31,6 +31,11 @@ LIBS := $(filter-out -lpgport, $(LIBS))
# The backend doesn't need everything that's in LIBS, however
LIBS := $(filter-out -lz -lreadline -ledit -ltermcap -lncurses -lcurses, $(LIBS))
+# SELinux support needs to link libselinux
+ifeq ($(enable_selinux), yes)
+LIBS += -lselinux
+endif
+
##########################################################################
all: submake-libpgport postgres $(POSTGRES_IMP)
diff -rpNU3 postgresql-8.2.4/src/backend/access/common/heaptuple.c sepostgresql-8.2.4/src/backend/access/common/heaptuple.c
--- postgresql-8.2.4/src/backend/access/common/heaptuple.c 2006-11-23 14:27:18.000000000 +0900
+++ sepostgresql-8.2.4/src/backend/access/common/heaptuple.c 2007-04-10 21:02:02.000000000 +0900
@@ -26,6 +26,7 @@
#include "access/heapam.h"
#include "access/tuptoaster.h"
#include "executor/tuptable.h"
+#include "security/pgace.h"
/* ----------------------------------------------------------------
@@ -314,6 +315,9 @@ heap_attisnull(HeapTuple tup, int attnum
case MinCommandIdAttributeNumber:
case MaxTransactionIdAttributeNumber:
case MaxCommandIdAttributeNumber:
+#ifdef SECURITY_SYSATTR_NAME
+ case SecurityAttributeNumber:
+#endif
/* these are never null */
break;
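Review bot: The new `case SecurityAttributeNumber:` is compiled only under `#ifdef SECURITY_SYSATTR_NAME`, while the `HeapTupleSetSecurity(...)` calls added to heap_copytuple, heap_copytuple_with_tuple, heap_modify_tuple and heap_modifytuple further down this file are unconditional. Presumably `security/pgace.h` supplies no-op definitions for builds without `--enable-selinux`, but that is not visible here. Either guard both kinds of site the same way or add a comment at the include, e.g. `/* HeapTupleGet/SetSecurity are defined in every build */`, and confirm that a build without `--enable-selinux` still compiles. The body of heap_attisnull starts and ends outside the hunk.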
@@ -593,6 +597,11 @@ heap_getsysattr(HeapTuple tup, int attnu
case TableOidAttributeNumber:
result = ObjectIdGetDatum(tup->t_tableOid);
break;
+#ifdef SECURITY_SYSATTR_NAME
+ case SecurityAttributeNumber:
+ result = ObjectIdGetDatum(HeapTupleGetSecurity(tup));
+ break;
+#endif
default:
elog(ERROR, "invalid attnum: %d", attnum);
result = 0; /* keep compiler quiet */
@@ -624,6 +633,7 @@ heap_copytuple(HeapTuple tuple)
newTuple->t_tableOid = tuple->t_tableOid;
newTuple->t_data = (HeapTupleHeader) ((char *) newTuple + HEAPTUPLESIZE);
memcpy((char *) newTuple->t_data, (char *) tuple->t_data, tuple->t_len);
+ HeapTupleSetSecurity(newTuple, HeapTupleGetSecurity(tuple));
return newTuple;
}
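Review bot: In heap_copytuple the added `HeapTupleSetSecurity(newTuple, HeapTupleGetSecurity(tuple));` runs right after `memcpy` has copied all `t_len` bytes of `t_data`, and the hunk does not say why the label needs a second, explicit copy. If the identifier is stored inside the copied header the call is redundant; if it is stored elsewhere, a comment such as `/* security id is not covered by the t_data copy above */` would stop a later cleanup from removing it and dropping the label on copied tuples. The same question applies to heap_copytuple_with_tuple. In heap_modify_tuple and heap_modifytuple the tuple is built fresh, so the explicit propagation there is expected. The function starts outside the hunk.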
@@ -650,6 +660,7 @@ heap_copytuple_with_tuple(HeapTuple src,
dest->t_tableOid = src->t_tableOid;
dest->t_data = (HeapTupleHeader) palloc(src->t_len);
memcpy((char *) dest->t_data, (char *) src->t_data, src->t_len);
+ HeapTupleSetSecurity(dest, HeapTupleGetSecurity(src));
}
/*
@@ -928,6 +939,7 @@ heap_modify_tuple(HeapTuple tuple,
newTuple->t_tableOid = tuple->t_tableOid;
if (tupleDesc->tdhasoid)
HeapTupleSetOid(newTuple, HeapTupleGetOid(tuple));
+ HeapTupleSetSecurity(newTuple, HeapTupleGetSecurity(tuple));
return newTuple;
}
@@ -1000,6 +1012,7 @@ heap_modifytuple(HeapTuple tuple,
newTuple->t_tableOid = tuple->t_tableOid;
if (tupleDesc->tdhasoid)
HeapTupleSetOid(newTuple, HeapTupleGetOid(tuple));
+ HeapTupleSetSecurity(newTuple, HeapTupleGetSecurity(tuple));
return newTuple;
}
diff -rpNU3 postgresql-8.2.4/src/backend/access/heap/heapam.c sepostgresql-8.2.4/src/backend/access/heap/heapam.c
--- postgresql-8.2.4/src/backend/access/heap/heapam.c 2007-02-05 05:00:49.000000000 +0900
+++ sepostgresql-8.2.4/src/backend/access/heap/heapam.c 2007-04-10 02:49:22.000000000 +0900
@@ -49,6 +49,7 @@
#include "catalog/namespace.h"
#include "miscadmin.h"
#include "pgstat.h"
+#include "security/pgace.h"
#include "storage/procarray.h"
#include "utils/inval.h"
#include "utils/lsyscache.h"
@@ -1408,6 +1409,7 @@ heap_insert(Relation relation, HeapTuple
HeapTupleHeaderSetXmax(tup->t_data, 0); /* zero out Datum fields */
HeapTupleHeaderSetCmax(tup->t_data, 0); /* for cleanliness */
tup->t_tableOid = RelationGetRelid(relation);
+ pgaceHeapInsert(relation, tup);
/*
* If the new tuple is too big for storage or contains already toasted
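Review bot: The call `pgaceHeapInsert(relation, tup);` carries no comment saying what it may change in `tup`. It sits before the toast and WAL code, so any label it assigns is what the later `xlhdr.t_security` line logs. simple_heap_insert (hunk below) calls `pgaceSimpleHeapInsert` and then this function, so two hooks run for one catalog insert. A comment such as `/* PGACE: assign the implicit security label; access checks belong to the caller-level hooks */` would document that split, if it is the intended one. The same applies to the `pgaceHeapUpdate` call added in heap_update; heap_insert itself extends beyond this hunk.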
@@ -1454,6 +1456,7 @@ heap_insert(Relation relation, HeapTuple
rdata[0].buffer = InvalidBuffer;
rdata[0].next = &(rdata[1]);
+ xlhdr.t_security = HeapTupleGetSecurity(heaptup);
xlhdr.t_natts = heaptup->t_data->t_natts;
xlhdr.t_infomask = heaptup->t_data->t_infomask;
xlhdr.t_hoff = heaptup->t_data->t_hoff;
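Review bot: Writing `xlhdr.t_security` changes the layout of the heap WAL record header, and this hunk (like the matching one in log_heap_update) shows only the writer side. The redo routines have to restore the label from the record, otherwise a tuple replayed during crash recovery or point-in-time recovery would come back without its security identifier. Please confirm that heap_xlog_insert and heap_xlog_update do this in the part of the patch not shown here. WAL produced by a stock 8.2.4 server is no longer layout-compatible, so `XLOG_PAGE_MAGIC` and `CATALOG_VERSION_NO` should be bumped so that the two binaries refuse each other's data directories instead of misreading them.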
@@ -1531,6 +1534,7 @@ heap_insert(Relation relation, HeapTuple
Oid
simple_heap_insert(Relation relation, HeapTuple tup)
{
+ pgaceSimpleHeapInsert(relation, tup);
return heap_insert(relation, tup, GetCurrentCommandId(), true, true);
}
@@ -1583,6 +1587,7 @@ heap_delete(Relation relation, ItemPoint
tp.t_data = (HeapTupleHeader) PageGetItem(dp, lp);
tp.t_len = ItemIdGetLength(lp);
tp.t_self = *tid;
+ pgaceHeapDelete(relation, &tp);
l1:
result = HeapTupleSatisfiesUpdate(tp.t_data, cid, buffer);
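Review bot: `pgaceHeapDelete(relation, &tp);` is placed before the `l1:` label, so it runs before `HeapTupleSatisfiesUpdate` has decided whether this tuple version is visible to and deletable by the current command. If the hook checks permissions or writes audit records (its body is not shown), it can deny or log tuples that the delete would have skipped anyway. In the visible lines `tp.t_tableOid` is also not set before the hook sees `tp`. Consider moving the call to after the visibility check succeeds, or add a comment such as `/* hook intentionally sees the tuple before the visibility check */`. heap_delete continues outside the hunk.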
@@ -1805,6 +1810,7 @@ simple_heap_delete(Relation relation, It
ItemPointerData update_ctid;
TransactionId update_xmax;
+ pgaceSimpleHeapDelete(relation, tid);
result = heap_delete(relation, tid,
&update_ctid, &update_xmax,
GetCurrentCommandId(), InvalidSnapshot,
@@ -2046,6 +2052,7 @@ l2:
HeapTupleHeaderSetCmin(newtup->t_data, cid);
HeapTupleHeaderSetXmax(newtup->t_data, 0); /* zero out Datum fields */
HeapTupleHeaderSetCmax(newtup->t_data, 0); /* for cleanliness */
+ pgaceHeapUpdate(relation, newtup, &oldtup);
/*
* If the toaster needs to be activated, OR if the new tuple will not fit
@@ -2261,6 +2268,7 @@ simple_heap_update(Relation relation, It
ItemPointerData update_ctid;
TransactionId update_xmax;
+ pgaceSimpleHeapUpdate(relation, otid, tup);
result = heap_update(relation, otid, tup,
&update_ctid, &update_xmax,
GetCurrentCommandId(), InvalidSnapshot,
@@ -3206,6 +3214,7 @@ log_heap_update(Relation reln, Buffer ol
xlhdr.hdr.t_natts = newtup->t_data->t_natts;
xlhdr.hdr.t_infomask = newtup->t_data->t_infomask;
xlhdr.hdr.t_hoff = newtup->t_data->t_hoff;
+ xlhdr.hdr.t_security = HeapTupleGetSecurity(newtup);
if (move) /* remember xmax & xmin */
{
TransactionId xid[2]; /* xmax, xmin */
[...8179 lines suppressed...]
+#define COMMON_DATABASE__CREATE 0x00000001UL
+#define COMMON_DATABASE__DROP 0x00000002UL
+#define COMMON_DATABASE__GETATTR 0x00000004UL
+#define COMMON_DATABASE__SETATTR 0x00000008UL
+#define COMMON_DATABASE__RELABELFROM 0x00000010UL
+#define COMMON_DATABASE__RELABELTO 0x00000020UL
+
+#define DB_DATABASE__CREATE 0x00000001UL
+#define DB_DATABASE__DROP 0x00000002UL
+#define DB_DATABASE__GETATTR 0x00000004UL
+#define DB_DATABASE__SETATTR 0x00000008UL
+#define DB_DATABASE__RELABELFROM 0x00000010UL
+#define DB_DATABASE__RELABELTO 0x00000020UL
+#define DB_DATABASE__ACCESS 0x00000040UL
+#define DB_DATABASE__INSTALL_MODULE 0x00000080UL
+#define DB_DATABASE__LOAD_MODULE 0x00000100UL
+#define DB_DATABASE__GET_PARAM 0x00000200UL
+#define DB_DATABASE__SET_PARAM 0x00000400UL
+#define DB_TABLE__CREATE 0x00000001UL
+#define DB_TABLE__DROP 0x00000002UL
+#define DB_TABLE__GETATTR 0x00000004UL
+#define DB_TABLE__SETATTR 0x00000008UL
+#define DB_TABLE__RELABELFROM 0x00000010UL
+#define DB_TABLE__RELABELTO 0x00000020UL
+#define DB_TABLE__USE 0x00000040UL
+#define DB_TABLE__SELECT 0x00000080UL
+#define DB_TABLE__UPDATE 0x00000100UL
+#define DB_TABLE__INSERT 0x00000200UL
+#define DB_TABLE__DELETE 0x00000400UL
+#define DB_TABLE__LOCK 0x00000800UL
+#define DB_PROCEDURE__CREATE 0x00000001UL
+#define DB_PROCEDURE__DROP 0x00000002UL
+#define DB_PROCEDURE__GETATTR 0x00000004UL
+#define DB_PROCEDURE__SETATTR 0x00000008UL
+#define DB_PROCEDURE__RELABELFROM 0x00000010UL
+#define DB_PROCEDURE__RELABELTO 0x00000020UL
+#define DB_PROCEDURE__EXECUTE 0x00000040UL
+#define DB_PROCEDURE__ENTRYPOINT 0x00000080UL
+#define DB_COLUMN__CREATE 0x00000001UL
+#define DB_COLUMN__DROP 0x00000002UL
+#define DB_COLUMN__GETATTR 0x00000004UL
+#define DB_COLUMN__SETATTR 0x00000008UL
+#define DB_COLUMN__RELABELFROM 0x00000010UL
+#define DB_COLUMN__RELABELTO 0x00000020UL
+#define DB_COLUMN__USE 0x00000040UL
+#define DB_COLUMN__SELECT 0x00000080UL
+#define DB_COLUMN__UPDATE 0x00000100UL
+#define DB_COLUMN__INSERT 0x00000200UL
+#define DB_TUPLE__RELABELFROM 0x00000001UL
+#define DB_TUPLE__RELABELTO 0x00000002UL
+#define DB_TUPLE__USE 0x00000004UL
+#define DB_TUPLE__SELECT 0x00000008UL
+#define DB_TUPLE__UPDATE 0x00000010UL
+#define DB_TUPLE__INSERT 0x00000020UL
+#define DB_TUPLE__DELETE 0x00000040UL
+#define DB_BLOB__CREATE 0x00000001UL
+#define DB_BLOB__DROP 0x00000002UL
+#define DB_BLOB__GETATTR 0x00000004UL
+#define DB_BLOB__SETATTR 0x00000008UL
+#define DB_BLOB__RELABELFROM 0x00000010UL
+#define DB_BLOB__RELABELTO 0x00000020UL
+#define DB_BLOB__READ 0x00000040UL
+#define DB_BLOB__WRITE 0x00000080UL
+#define DB_BLOB__IMPORT 0x00000100UL
+#define DB_BLOB__EXPORT 0x00000200UL
+
+/*
+ * SE-PostgreSQL core functions
+ * src/backend/security/sepgsqlCore.c
+ */
+extern bool sepgsqlIsEnabled(void);
+extern Size sepgsqlShmemSize(void);
+extern void sepgsqlInitialize(void);
+extern int sepgsqlInitializePostmaster(void);
+extern void sepgsqlFinalizePostmaster(void);
+
+extern Oid sepgsqlGetServerContext(void);
+extern Oid sepgsqlGetClientContext(void);
+extern void sepgsqlSetClientContext(Oid new_ctx);
+extern Oid sepgsqlGetDatabaseContext(void);
+extern char *sepgsqlGetDatabaseName(void);
+
+extern bool sepgsql_avc_permission_noaudit(Oid ssid, Oid tsid, uint16 tclass,
+ uint32 perms, char **audit, char *objname);
+extern void sepgsql_avc_permission(Oid ssid, Oid tsid, uint16 tclass,
+ uint32 perms, char *objname);
+extern char *sepgsqlGetTupleName(Oid relid, HeapTuple tuple);
+extern void sepgsql_audit(bool result, char *message);
+extern Oid sepgsql_avc_createcon(Oid ssid, Oid tsid, uint16 tclass);
+extern Oid sepgsql_avc_relabelcon(Oid ssid, Oid tsid, uint16 tclass);
+extern bool sepgsql_check_context(char *context);
+
+extern Datum sepgsql_getcon(PG_FUNCTION_ARGS);
+
+/*
+ * SE-PostgreSQL proxy functions
+ * src/backend/security/sepgsqlProxy.c
+ */
+extern List *sepgsqlProxyQuery(Query *query);
+extern void sepgsqlVerifyQuery(Query *query);
+extern Oid sepgsqlPreparePlanCheck(Relation rel);
+extern void sepgsqlRestorePlanCheck(Relation rel, Oid pgace_saved);
+
+/*
+ * SE-PostgreSQL hooks
+ * src/backend/security/sepgsqlHooks.c
+ */
+
+/* simple_heap_xxxx hooks */
+extern void sepgsqlSimpleHeapInsert(Relation rel, HeapTuple tuple);
+extern void sepgsqlSimpleHeapUpdate(Relation rel, ItemPointer tid, HeapTuple newtup);
+extern void sepgsqlSimpleHeapDelete(Relation rel, ItemPointer tid);
+
+/* heap_xxxx hooks for implicit labeling */
+extern void sepgsqlHeapInsert(Relation rel, HeapTuple tuple);
+extern void sepgsqlHeapUpdate(Relation rel, HeapTuple newtup, HeapTuple oldtup);
+
+/* INSERT/UPDATE/DELETE statement hooks */
+extern bool sepgsqlExecInsert(Relation rel, HeapTuple tuple, bool with_returning);
+extern bool sepgsqlExecUpdate(Relation rel, HeapTuple newtup, ItemPointer tid, bool with_returning);
+extern bool sepgsqlExecDelete(Relation rel, ItemPointer tid, bool with_returning);
+
+/* DATABASE */
+extern void sepgsqlAlterDatabaseContext(Relation rel, HeapTuple tuple, char *new_context);
+extern void sepgsqlSetDatabaseParam(const char *name, char *argstring);
+extern void sepgsqlGetDatabaseParam(const char *name);
+
+/* RELATION/ATTRIBUTE */
+extern void sepgsqlLockTable(Oid relid);
+
+/* FUNCTION */
+extern void sepgsqlCallFunction(FmgrInfo *finfo, bool with_perm_check);
+extern bool sepgsqlCallFunctionTrigger(FmgrInfo *finfo, TriggerData *tgdata);
+extern void sepgsqlAlterProcedureContext(Relation rel, HeapTuple tuple, char *context);
+
+/* COPY */
+extern void sepgsqlCopyTable(Relation rel, List *attnumlist, bool is_from);
+extern bool sepgsqlCopyToTuple(Relation rel, HeapTuple tuple);
+extern bool sepgsqlCopyFromTuple(Relation rel, HeapTuple tuple);
+
+/* LOAD shared library module */
+extern void sepgsqlLoadSharedModule(const char *filename);
+
+/* copy/print node object */
+extern Node *sepgsqlCopyObject(Node *node);
+extern bool sepgsqlOutObject(StringInfo str, Node *node);
+
+/* SECURITY LABEL IN/OUT */
+extern char *sepgsqlSecurityLabelIn(char *context);
+extern char *sepgsqlSecurityLabelOut(char *context);
+extern bool sepgsqlSecurityLabelIsValid(char *context);
+extern char *sepgsqlSecurityLabelOfLabel(char *context);
+extern char *sepgsqlSecurityLabelNotFound(Oid sid);
+
+/*
+ * SE-PostgreSQL Binary Large Object (BLOB) functions
+ * src/backend/security/sepgsqlLargeObject.c
+ */
+extern Oid sepgsqlLargeObjectGetSecurity(HeapTuple tuple);
+extern void sepgsqlLargeObjectSetSecurity(HeapTuple tuple, Oid lo_security, bool is_first);
+extern void sepgsqlLargeObjectCreate(Relation rel, HeapTuple tuple);
+extern void sepgsqlLargeObjectDrop(Relation rel, HeapTuple tuple);
+extern void sepgsqlLargeObjectOpen(Relation rel, HeapTuple tuple, bool read_only);
+extern void sepgsqlLargeObjectRead(Relation rel, HeapTuple tuple);
+extern void sepgsqlLargeObjectWrite(Relation rel, HeapTuple newtup, HeapTuple oldtup);
+extern void sepgsqlLargeObjectImport(void);
+extern void sepgsqlLargeObjectExport(void);
+
+/*
+ * SE-PostgreSQL Heap related functions
+ * src/backend/security/sepgsqlHeap.c
+ */
+
+extern Oid sepgsqlComputeImplicitContext(Relation rel, HeapTuple tuple);
+extern bool sepgsqlCheckTuplePerms(Relation rel, HeapTuple tuple, HeapTuple oldtup,
+ uint32 perms, bool abort);
+extern Datum sepgsql_tuple_perms(PG_FUNCTION_ARGS);
+extern Datum sepgsql_tuple_perms_abort(PG_FUNCTION_ARGS);
+
+/*
+ * SE-PostgreSQL extended SQL statement
+ * src/backend/security/sepgsqlExtStmt.c
+ */
+extern DefElem *sepgsqlGramSecurityLabel(char *defname, char *context);
+extern bool sepgsqlNodeIsSecurityLabel(DefElem *defel);
+extern Oid sepgsqlParseSecurityLabel(DefElem *defel);
+
+#endif /* SEPGSQL_INTERNAL_H */
diff -rpNU3 postgresql-8.2.4/src/include/utils/syscache.h sepostgresql-8.2.4/src/include/utils/syscache.h
--- postgresql-8.2.4/src/include/utils/syscache.h 2006-07-14 03:01:02.000000000 +0900
+++ sepostgresql-8.2.4/src/include/utils/syscache.h 2007-04-07 15:10:06.000000000 +0900
@@ -63,6 +63,8 @@
#define STATRELATT 32
#define TYPENAMENSP 33
#define TYPEOID 34
+#define SECURITYOID 35
+#define SECURITYLABEL 36
extern void InitCatalogCache(void);
extern void InitCatalogCachePhase2(void);
sepostgresql-fedora-prefix.patch:
--- NEW FILE sepostgresql-fedora-prefix.patch ---
Index: trunk/src/Makefile.global.in
===================================================================
--- trunk/src/Makefile.global.in (revision 430)
+++ trunk/src/Makefile.global.in (working copy)
@@ -73,14 +73,14 @@
datadir := @datadir@
ifeq "$(findstring pgsql, $(datadir))" ""
ifeq "$(findstring postgres, $(datadir))" ""
-override datadir := $(datadir)/postgresql
+override datadir := $(datadir)/sepgsql
endif
endif
sysconfdir := @sysconfdir@
ifeq "$(findstring pgsql, $(sysconfdir))" ""
ifeq "$(findstring postgres, $(sysconfdir))" ""
-override sysconfdir := $(sysconfdir)/postgresql
+override sysconfdir := $(sysconfdir)/sepgsql
endif
endif
@@ -89,7 +89,7 @@
pkglibdir = $(libdir)
ifeq "$(findstring pgsql, $(pkglibdir))" ""
ifeq "$(findstring postgres, $(pkglibdir))" ""
-override pkglibdir := $(pkglibdir)/postgresql
+override pkglibdir := $(pkglibdir)/sepgsql
endif
endif
@@ -98,7 +98,7 @@
pkgincludedir = $(includedir)
ifeq "$(findstring pgsql, $(pkgincludedir))" ""
ifeq "$(findstring postgres, $(pkgincludedir))" ""
-override pkgincludedir := $(pkgincludedir)/postgresql
+override pkgincludedir := $(pkgincludedir)/sepgsql
endif
endif
@@ -109,7 +109,7 @@
ifneq (,$(docdir))
ifeq "$(findstring pgsql, $(docdir))" ""
ifeq "$(findstring postgres, $(docdir))" ""
-override docdir := $(docdir)/postgresql
+override docdir := $(docdir)/sepgsql
endif
endif
endif
Index: trunk/src/bin/pg_ctl/pg_ctl.c
===================================================================
--- trunk/src/bin/pg_ctl/pg_ctl.c (revision 429)
+++ trunk/src/bin/pg_ctl/pg_ctl.c (working copy)
@@ -557,7 +557,7 @@
postmaster_path = pg_malloc(MAXPGPATH);
- if ((ret = find_other_exec(argv0, "postgres", PM_VERSIONSTR,
+ if ((ret = find_other_exec(argv0, "sepostgres", PM_VERSIONSTR,
postmaster_path)) < 0)
{
char full_path[MAXPGPATH];
Index: trunk/src/bin/initdb/initdb.c
===================================================================
--- trunk/src/bin/initdb/initdb.c (revision 429)
+++ trunk/src/bin/initdb/initdb.c (working copy)
@@ -2646,7 +2646,7 @@
sprintf(pgdenv, "PGDATA=%s", pg_data);
putenv(pgdenv);
- if ((ret = find_other_exec(argv[0], "postgres", PG_VERSIONSTR,
+ if ((ret = find_other_exec(argv[0], "sepostgres", PG_VERSIONSTR,
backend_exec)) < 0)
{
char full_path[MAXPGPATH];
Index: trunk/src/bin/pg_dump/pg_dumpall.c
===================================================================
--- trunk/src/bin/pg_dump/pg_dumpall.c (revision 429)
+++ trunk/src/bin/pg_dump/pg_dumpall.c (working copy)
@@ -139,7 +139,7 @@
}
}
- if ((ret = find_other_exec(argv[0], "pg_dump", PGDUMP_VERSIONSTR,
+ if ((ret = find_other_exec(argv[0], "sepg_dump", PGDUMP_VERSIONSTR,
pg_dump_bin)) < 0)
{
char full_path[MAXPGPATH];
--- NEW FILE sepostgresql.8 ---
.TH "sepostgresql" "8" "Jul 15 2007" "kaigai at kaigai.gr.jp" "Security-Enhanced PostgreSQL"
.SH "NAME"
sepostgresql \- Security-Enhanced PostgreSQL
.SH "DESCRIPTION"
Security-Enhanced PostgreSQL (SE-PostgreSQL) is an enhancement of PostgreSQL that applies fine-grained mandatory access control to database objects, based on the security policy of SELinux.
These features make it possible to apply a flexible, integrated access control policy across the operating system and the database management system, during all stages of the life of the information.
.PP
This document describes the way to customize SE-PostgreSQL on the default security policy.
.SH "BOOLEANS"
The SELinux policy is customizable via BOOLEAN variable. This variable has two states, 1 (on) or 0 (off). A part of the policy is enabled or disabled depending on related boolean variables.
\fBsepgsql_enable_unconfined\fP toggles whether the \fIunconfined_t\fP and \fIsysadm_t\fP domains are allowed to access database objects without any type enforcement restriction.
When \fIsepgsql_enable_unconfined\fP is off, the operations of those domains are restricted in the same way as those of other domains. By default, it is set to on.
You can set it as follows:
.EX
setsebool -P sepgsql_enable_unconfined ( \fBon\fP | off )
.EE
\fBsepgsql_enable_users_ddl\fP toggles whether non-administrative domain is allowed to use DDL statement like CREATE TABLE and so on.
In the default, it is set to on. You can set it as follows:
.EX
setsebool -P sepgsql_enable_users_ddl ( \fBon\fP | off )
.EE
\fBsepgsql_enable_auditallow\fP toggles output of audit messages in the case when required permission checks are allowed. In the default, it is set to off. You can set it as follows:
.EX
setsebool -P sepgsql_enable_auditallow ( on | \fBoff\fP )
.EE
\fBsepgsql_enable_auditdeny\fP toggles output of audit messages in the case when required permission checks are denied. In the default, it is set to on. You can set it as follows:
.EX
setsebool -P sepgsql_enable_auditdeny ( \fBon\fP | off )
.EE
\fBsepgsql_enable_audittuple\fP toggles output of audit messages for any tuple. Because audit messages for tuples in a large size table can cause flood of messages, we can set \fIsepgsql_enable_audittuple\fP independently from any other object classes.
Audit messages for tuples are generated in the only case when \fIsepgsql_enable_audittuple\fP and either \fIsepgsql_enable_auditallow\fP or \fIsepgsql_enable_auditdeny\fP are enabled.
In the default, it is set to off. You can set it as follows:
.EX
setsebool -P sepgsql_enable_audittuple ( on | \fBoff\fP )
.EE
.SH "TYPES"
\fBsepgsql_db_t\fP is the only type for the database itself.
It is attached to newly created databases by default.
\fBsepgsql_table_t\fP is a type for tables, columns and tuples.
It is attached to newly created objects of these kinds by default.
Non-administrative clients can do any kinds of operations except for relabeling.
\fBsepgsql_secret_table_t\fP is a type for tables, columns and tuples.
Non-administrative clients cannot access the objects with this type.
\fBsepgsql_ro_table_t\fP is a type for read-only tables, columns and tuples.
Non-administrative clients cannot modify the objects with this type.
\fBsepgsql_fixed_table_t\fP is a type for non-manipulable tables, columns and tuples.
Non-administrative clients cannot update or delete the objects with this type.
\fBsepgsql_proc_t\fP is a type for procedures.
It is attached to procedures newly created by an administrative domain.
Any client can call these procedures with this type.
\fBsepgsql_userproc_t\fP is a type for procedures.
It is attached to procedures newly created by a non-administrative domain.
For safety, administrative domains cannot call procedures with this type; an administrator has to relabel the procedure to \fIsepgsql_proc_t\fP first. This policy avoids executing doubtful code under an administrative domain.
\fBsepgsql_trusted_proc_t\fP is a type for trusted procedures.
Calling procedures with this type invokes domain transition.
The function then runs as an administrative domain, so a database administrator can provide a limited path for accessing protected objects.
\fBsepgsql_blob_t\fP is a type for binary large objects (blob).
It is attached for newly created blob in the default.
Non-administrative clients can read and write the blobs with this type.
\fBsepgsql_ro_blob_t\fP is a type for read-only binary large objects (blob).
Non-administrative clients cannot write the blobs with this type.
.SH "BACKUP and RESTORE"
The \fI--enable-selinux\fP option of \fBsepg_dump\fP and \fBsepg_dumpall\fP dumps the database image together with its security contexts. The dumped image can be restored using the standard \fIpg_restore\fP and so on.
.EX
Example)
$ sepg_dump -Ft -b --enable-selinux postgres | gzip -c > postgres.tgz
.EE
.SH AUTHOR
This manual page was written by KaiGai Kohei <kaigai at kaigai.gr.jp>
.SH "SEE ALSO"
selinux(8), boolean(8)
--- NEW FILE sepostgresql.fc ---
#
# SE-PostgreSQL install path
#
# File-context entries for the SE-PostgreSQL package: each line maps a path
# regular expression to the security context applied when files are labeled.
# "--" restricts an entry to regular files; an entry without a file-type
# specifier matches any kind of file.
#
# Server binary and the initdb wrapper share the PostgreSQL executable type.
/usr/bin/sepostgres -- gen_context(system_u:object_r:postgresql_exec_t,s0)
/usr/bin/initdb.sepgsql -- gen_context(system_u:object_r:postgresql_exec_t,s0)
# NOTE(review): the control tool is given the init-script type rather than
# postgresql_exec_t -- confirm this is intended for a binary in /usr/bin.
/usr/bin/sepg_ctl -- gen_context(system_u:object_r:initrc_exec_t,s0)
# Database cluster directory tree.
/var/lib/sepgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
# Startup log lives inside the cluster tree but is labeled as a log file;
# this entry has no "--", unlike the /var/log entry below.
/var/lib/sepgsql/pgstartup\.log gen_context(system_u:object_r:postgresql_log_t,s0)
/var/log/sepostgresql\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0)
--- NEW FILE sepostgresql.if ---
########################################
## <summary>
## Marks a type as an SE-PostgreSQL server process by adding the
## sepgsql_server_type attribute to it.
## </summary>
## <param name="type">
## <summary>
## Type of the server process to be marked.
## </summary>
## </param>
#
# What sepgsql_server_type permits is defined by the policy module that
# declares the attribute, not by this interface.
interface(`sepgsql_server_domain',`
gen_require(`
attribute sepgsql_server_type;
')
typeattribute $1 sepgsql_server_type;
')
########################################
## <summary>
## Marks a type as an SE-PostgreSQL loadable shared library module by
## adding the sepgsql_module_type attribute to it.
## </summary>
## <param name="type">
## <summary>
## Type to be marked as a loadable module type.
## </summary>
## </param>
#
# NOTE(review): presumably only files whose type carries this attribute may
# be loaded into the server -- confirm against the policy module.
interface(`sepgsql_module_object',`
gen_require(`
attribute sepgsql_module_type;
')
typeattribute $1 sepgsql_module_type;
')
########################################
## <summary>
## Marks a domain as an administrative client process of SE-PostgreSQL.
## The domain receives both the sepgsql_admin_domain and the
## sepgsql_users_domain attributes.
## </summary>
## <param name="type">
## <summary>
## A domain to be marked as an administrative client domain.
## </summary>
## </param>
#
# Grant this interface sparingly: it is the only one in this file that adds
# sepgsql_admin_domain.
interface(`sepgsql_unconfined_domain',`
gen_require(`
attribute sepgsql_admin_domain;
attribute sepgsql_users_domain;
')
typeattribute $1 sepgsql_admin_domain;
typeattribute $1 sepgsql_users_domain;
')
########################################
## <summary>
## Marks a domain as a generic client process of SE-PostgreSQL by adding
## the sepgsql_users_domain attribute to it.
## </summary>
## <param name="type">
## <summary>
## A domain to be marked as a generic client domain.
## </summary>
## </param>
#
interface(`sepgsql_client_domain',`
gen_require(`
attribute sepgsql_users_domain;
')
typeattribute $1 sepgsql_users_domain;
')
--- NEW FILE sepostgresql.init ---
#!/bin/sh
# sepostgresql This is the init script for starting up SE-PostgreSQL
#
# chkconfig: - 62 38
# description: Starts and stops the SE-PostgreSQL backend daemon
# processname: postmaster
# pidfile: /var/run/postmaster.pid
#---------------------------------------------------------------------
# Upstream PostgreSQL version and its major (X.Y) part; do_start compares the
# major version with the contents of ${SEPGSQL_DATA}/PG_VERSION.
PGVERSION="8.2.4"
PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9]*\).*$/\1/'`
# SE-PostgreSQL patch revision (not referenced elsewhere in this script)
SEPGVERSION="0.434"
# source function library
. /etc/rc.d/init.d/functions
# get config
. /etc/sysconfig/network
# find the name of the script
# When started through an rc symlink whose name begins with "S" or "K",
# drop the first three characters so NAME is the plain service name.
# (${NAME:0:1} is a bash substring expansion, although the shebang is /bin/sh.)
NAME=`basename $0`
if [ ${NAME:0:1} = "S" -o ${NAME:0:1} = "K" ]; then
NAME=${NAME:3}
fi
# set defaults for configurable variables
SEPGSQL_BIN="/usr/bin"
SEPGSQL_DATA="/var/lib/sepgsql/data"
# NOTE(review): "-i" makes the server accept TCP/IP connections in addition
# to the local socket; if remote access is not needed, override SEPGSQL_OPTS
# in /etc/sysconfig/${NAME}, and review pg_hba.conf either way.
SEPGSQL_OPTS="-i -p 5432"
SEPGSQL_STARTUP_LOG="/var/lib/sepgsql/pgstartup.log"
SEPGSQL_LOG="/var/log/sepostgresql.log"
# NOTE(review): presumably the security context assumed for a client whose
# own context cannot be obtained -- confirm against the server code; this
# script only exports the value.
SEPGSQL_FALLBACK_CONTEXT="user_u:user_r:user_t"
# override defaults from /etc/sysconfig/sepostgresql
# The file is sourced by this script, which goes on to run chown and runuser,
# so it must be writable by root only.
test -f /etc/sysconfig/${NAME} && . /etc/sysconfig/${NAME}
export SEPGSQL_FALLBACK_CONTEXT
# Check that networking is up.
test "${NETWORKING}" = "no" && exit 0
# NOTE(review): this tests for "postmaster", while the functions below run
# ./sepg_ctl and ./initdb.sepgsql -- confirm which binary is meant.
test -f "${SEPGSQL_BIN}/postmaster" || exit 1
# Exit status of the script; the do_* functions set it on failure.
script_result=0
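# Start the SE-PostgreSQL server.
#
# Prepares the startup log and the server log, verifies that SEPGSQL_DATA
# holds a cluster of the expected major version, starts the server through
# sepg_ctl as the sepgsql user and records its PID in /var/run/${NAME}.pid.
# Sets script_result=1 when the server is not running afterwards; exits 1
# when the logs or the data directory are unusable.
do_start() {
    PSQL_START=$"Starting ${NAME} service: "
    echo -n "$PSQL_START"

    # make sure startup-time log file is valid
    # NOTE(review): the file is created and chown'ed by this script; if the
    # directory holding it is writable by the sepgsql account (not shown
    # here), prefer a root-owned log directory.
    if [ ! -e "${SEPGSQL_STARTUP_LOG}" ] && [ ! -h "${SEPGSQL_STARTUP_LOG}" ]; then
        touch "${SEPGSQL_STARTUP_LOG}" || exit 1
        chown sepgsql:sepgsql "${SEPGSQL_STARTUP_LOG}"
        chmod 600 "${SEPGSQL_STARTUP_LOG}"
        test -x /sbin/restorecon && /sbin/restorecon "${SEPGSQL_STARTUP_LOG}"
    fi

    # check for the SEPGSQL_DATA structure
    if [ -f "${SEPGSQL_DATA}/PG_VERSION" ] && [ -d "${SEPGSQL_DATA}/base" ]; then
        if [ "x`cat "${SEPGSQL_DATA}/PG_VERSION"`" != "x${PGMAJORVERSION}" ]; then
            echo_failure
            echo
            echo "HINT: An old version of the database format was found."
            echo "HINT: You need to upgrade the data format before using SE-PostgreSQL."
            exit 1
        fi
    else
        echo_failure
        echo
        echo "HINT: ${SEPGSQL_DATA} is missing."
        echo "HINT: Use '/etc/init.d/${NAME} initdb'"
        echo "HINT: to initialize the database cluster first."
        exit 1
    fi

    # make sure SEPGSQL_LOG exists with owner-only permissions
    touch "${SEPGSQL_LOG}"
    chown sepgsql:sepgsql "${SEPGSQL_LOG}"
    chmod 600 "${SEPGSQL_LOG}"
    test -x /sbin/restorecon && /sbin/restorecon "${SEPGSQL_LOG}"

    # sepg_ctl is run by relative path, so never continue from another
    # directory when the cd fails.
    if ! cd "${SEPGSQL_BIN}"; then
        echo_failure
        echo
        exit 1
    fi

    /sbin/runuser sepgsql -c "./sepg_ctl -l ${SEPGSQL_LOG} -D ${SEPGSQL_DATA} -o '${SEPGSQL_OPTS}' start" \
        >> "${SEPGSQL_STARTUP_LOG}" 2>&1 < /dev/null
    sleep 1

    PID=`/sbin/runuser sepgsql -c "./sepg_ctl -D ${SEPGSQL_DATA} status 2>/dev/null \
| sed 's/^.*PID: //g' | sed 's/[^0-9].*$//g'"`

    # The exit status of the command substitution is that of the last sed,
    # not of sepg_ctl, so it cannot tell whether the server is up. An empty
    # PID means "status" printed no PID line, i.e. the server did not start.
    if [ -n "$PID" ]; then
        echo "$PID" > "/var/run/${NAME}.pid"
        touch "/var/lock/subsys/${NAME}.lock"
        echo_success
    else
        script_result=1
        echo_failure
    fi
    echo
}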
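# Stop the SE-PostgreSQL server through sepg_ctl, then remove the pid and
# lock files. Sets script_result=1 when sepg_ctl reports a failure.
do_stop() {
    echo -n $"Stopping ${NAME} service: "

    # sepg_ctl is run by relative path, so never continue from another
    # directory when the cd fails.
    if ! cd "${SEPGSQL_BIN}"; then
        echo_failure
        echo
        script_result=1
        return 1
    fi

    /sbin/runuser sepgsql -c "./sepg_ctl -D ${SEPGSQL_DATA} stop" \
        >> "${SEPGSQL_STARTUP_LOG}" 2>&1 < /dev/null
    ret=$?
    if [ $ret -eq 0 ]; then
        echo_success
    else
        echo_failure
        script_result=1
    fi
    echo

    # The state files are removed whether or not the stop succeeded.
    rm -f "/var/run/${NAME}.pid"
    rm -f "/var/lock/subsys/${NAME}.lock"
}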
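# Print the first line of "sepg_ctl status", with the tool name replaced by
# the service name, and set script_result to an LSB-style status code:
# 3 = not running, 1 = not running but pid file exists,
# 2 = not running but lock file exists, 4 = status could not be determined.
do_status() {
    # sepg_ctl is run by relative path, so never continue from another
    # directory when the cd fails.
    if ! cd "${SEPGSQL_BIN}"; then
        script_result=4
        return 1
    fi

    /sbin/runuser sepgsql -- -c "./sepg_ctl -D ${SEPGSQL_DATA} status" 2>/dev/null \
        | head -1 | sed "s/^sepg_ctl:/${NAME}:/g"

    # PIPESTATUS[0] is the exit status of runuser (and so of sepg_ctl), not
    # of the trailing head/sed stages.
    if [ ${PIPESTATUS[0]} -ne 0 ]; then
        script_result=3
        test -e "/var/run/${NAME}.pid" && script_result=1
        test -e "/var/lock/subsys/${NAME}.lock" && script_result=2
    fi
}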
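# Restart the server only if "sepg_ctl status" reports it as running.
do_condrestart() {
    # sepg_ctl is run by relative path, so never continue from another
    # directory when the cd fails.
    if ! cd "${SEPGSQL_BIN}"; then
        script_result=1
        return 1
    fi

    /sbin/runuser sepgsql -- -c "./sepg_ctl -D ${SEPGSQL_DATA} status" &>/dev/null || return
    do_stop && do_start
}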
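# Stop the server only if "sepg_ctl status" reports it as running.
do_condstop() {
    # sepg_ctl is run by relative path, so never continue from another
    # directory when the cd fails.
    if ! cd "${SEPGSQL_BIN}"; then
        script_result=1
        return 1
    fi

    /sbin/runuser sepgsql -- -c "./sepg_ctl -D ${SEPGSQL_DATA} status" &>/dev/null || return
    do_stop
}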
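# Ask the running server to reload its configuration through sepg_ctl.
# Sets script_result=1 when sepg_ctl reports a failure.
do_reload() {
    echo -n $"Reloading ${NAME} service: "

    # sepg_ctl is run by relative path, so never continue from another
    # directory when the cd fails.
    if ! cd "${SEPGSQL_BIN}"; then
        echo_failure
        echo
        script_result=1
        return 1
    fi

    if /sbin/runuser sepgsql -- -c "./sepg_ctl -D ${SEPGSQL_DATA} reload" &>/dev/null < /dev/null; then
        echo_success
    else
        echo_failure
        script_result=1
    fi
    echo
}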
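# Create and initialize the database cluster in SEPGSQL_DATA.
#
# Refuses to run when a PG_VERSION file already exists there. Otherwise it
# creates the directory if needed, restores its SELinux labels and runs
# initdb.sepgsql as the sepgsql user with ident authentication.
# Sets script_result=1 on failure.
do_initdb() {
    echo -n $"Initializing database: "
    if [ -f "${SEPGSQL_DATA}/PG_VERSION" ]; then
        echo_failure
        echo
        echo "HINT: Data directory is not empty"
        script_result=1
    else
        if [ ! -e "${SEPGSQL_DATA}" ] && [ ! -h "${SEPGSQL_DATA}" ]; then
            mkdir -p "${SEPGSQL_DATA}" || exit 1
            chown sepgsql:sepgsql "${SEPGSQL_DATA}"
            # A directory needs the owner's search (x) bit to be usable;
            # 700 keeps it private to the sepgsql account.
            chmod 700 "${SEPGSQL_DATA}"
        fi

        # cleanup SELinux labeling for "${SEPGSQL_DATA}"
        test -x /sbin/restorecon && /sbin/restorecon -R "${SEPGSQL_DATA}"

        # initdb.sepgsql is run by relative path, so never continue from
        # another directory when the cd fails.
        if ! cd "${SEPGSQL_BIN}"; then
            echo_failure
            echo
            script_result=1
            return 1
        fi

        # Initialize the database
        /sbin/runuser -- sepgsql -c "./initdb.sepgsql -A 'ident sameuser' ${SEPGSQL_DATA}" \
            >> "${SEPGSQL_STARTUP_LOG}" 2>&1 < /dev/null

        # Success is judged by the PG_VERSION file that initdb writes.
        if [ -f "${SEPGSQL_DATA}/PG_VERSION" ]; then
            echo_success
        else
            echo_failure
            script_result=1
        fi
        echo
    fi
}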
# Dispatch on the action given as the first argument. The do_* functions
# record failures in script_result, which becomes the exit status.
case "$1" in
    start)               do_start ;;
    stop)                do_stop ;;
    status)              do_status ;;
    restart)             do_stop
                         do_start ;;
    condrestart)         do_condrestart ;;
    condstop)            do_condstop ;;
    reload|force-reload) do_reload ;;
    initdb)              do_initdb ;;
    *)
        # Unknown or missing action: print usage and fail.
        echo $"Usage: $0 {start|stop|status|restart|condrestart|condstop|reload|force-reload|initdb}"
        exit 1
        ;;
esac
exit $script_result
--- NEW FILE sepostgresql.spec ---
#
# Security Enhanced PostgreSQL (SE-PostgreSQL)
#
# Copyright 2007 KaiGai Kohei <kaigai at kaigai.gr.jp>
# -----------------------------------------------------
# SELinux policy types
%define selinux_variants mls strict targeted
# SE-PostgreSQL status extension
%{!?sepgextension:%define sepgextension .beta}
Summary: Security Enhanced PostgreSQL
Name: sepostgresql
Version: 8.2.4
Release: 0.434%{?sepgextension}%{?dist}
License: BSD
Group: Applications/Databases
Url: http://code.google.com/p/sepgsql/
Buildroot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Source0: ftp://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.gz
Source1: sepostgresql.init
Source2: sepostgresql.if
Source3: sepostgresql.te
Source4: sepostgresql.fc
Source5: sepostgresql.8
Patch0: sepostgresql-8.2.4-0.434.patch
Patch1: sepostgresql-fedora-prefix.patch
BuildRequires: perl glibc-devel bison flex autoconf readline-devel zlib-devel >= 1.0.4
Buildrequires: checkpolicy libselinux-devel >= 2.0.13 selinux-policy-devel >= 3.0.6
Requires(pre): shadow-utils
Requires(post): policycoreutils /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): policycoreutils
Requires: postgresql-server = %{version}
Requires: policycoreutils >= 2.0.16 libselinux >= 2.0.13 selinux-policy >= 3.0.6
%description
Security Enhanced PostgreSQL is an extension of PostgreSQL
based on SELinux security policy, that applies fine grained
mandatory access control to many objects within the database,
and takes advantage of user authorization integrated within
the operating system. SE-PostgreSQL works as a userspace
reference monitor to check any SQL query.
%prep
%setup -q -n postgresql-%{version}
%patch0 -p1
%patch1 -p1
mkdir selinux-policy
cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux-policy
%build
CFLAGS="${CFLAGS:-%optflags}" ; export CFLAGS
CXXFLAGS="${CXXFLAGS:-%optflags}" ; export CXXFLAGS
# build Binary Policy Module
pushd selinux-policy
for selinuxvariant in %{selinux_variants}
do
make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile
mv %{name}.pp %{name}.pp.${selinuxvariant}
make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile clean
done
popd
# build SE-PostgreSQL
autoconf
%configure --disable-rpath \
--enable-selinux \
%if %{defined sepgextension}
--enable-debug \
--enable-cassert \
%endif
--libdir=%{_libdir}/sepgsql \
--datadir=%{_datadir}/sepgsql
# parallel build, if possible
SECCLASS_DB_DATABASE=`grep ^define %{_datadir}/selinux/devel/include/support/all_perms.spt | cat -n | grep all_db_database_perms | awk '{print $1}'`
make CUSTOM_COPT="-D SECCLASS_DB_DATABASE=${SECCLASS_DB_DATABASE}" %{?_smp_mflags}
%install
rm -rf %{buildroot}
pushd selinux-policy
for selinuxvariant in %{selinux_variants}
do
install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
install -p -m 644 %{name}.pp.${selinuxvariant} \
%{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{name}.pp
done
popd
make DESTDIR=%{buildroot} install
# avoid to conflict with native postgresql package
mv %{buildroot}%{_bindir} %{buildroot}%{_bindir}.orig
install -d %{buildroot}%{_bindir}
mv %{buildroot}%{_bindir}.orig/initdb %{buildroot}%{_bindir}/initdb.sepgsql
mv %{buildroot}%{_bindir}.orig/pg_ctl %{buildroot}%{_bindir}/sepg_ctl
mv %{buildroot}%{_bindir}.orig/postgres %{buildroot}%{_bindir}/sepostgres
mv %{buildroot}%{_bindir}.orig/pg_dump %{buildroot}%{_bindir}/sepg_dump
mv %{buildroot}%{_bindir}.orig/pg_dumpall %{buildroot}%{_bindir}/sepg_dumpall
# /usr/lib/sepgsql
mv %{buildroot}%{_libdir}/sepgsql %{buildroot}%{_libdir}/sepgsql.orig
install -d %{buildroot}%{_libdir}/sepgsql
mv %{buildroot}%{_libdir}/sepgsql.orig/*_and_*.so %{buildroot}%{_libdir}/sepgsql
mv %{buildroot}%{_libdir}/sepgsql.orig/plpgsql.so %{buildroot}%{_libdir}/sepgsql
# remove unnecessary files
rm -rf %{buildroot}%{_bindir}.orig
rm -rf %{buildroot}%{_libdir}/sepgsql.orig
rm -rf %{buildroot}%{_includedir}
rm -rf %{buildroot}%{_usr}/doc
rm -rf %{buildroot}%{_datadir}/sepgsql/timezone
rm -rf %{buildroot}%{_mandir}
# /var/lib/sepgsql
install -d -m 700 %{buildroot}%{_localstatedir}/lib/sepgsql
install -d -m 700 %{buildroot}%{_localstatedir}/lib/sepgsql/data
install -d -m 700 %{buildroot}%{_localstatedir}/lib/sepgsql/backups
# /etc/rc.d/init.d/*
mkdir -p %{buildroot}%{_initrddir}
install -p -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/sepostgresql
# /usr/share/man/*
mkdir -p %{buildroot}%{_mandir}/man8
install -p -m 644 %{SOURCE5} %{buildroot}%{_mandir}/man8
%clean
rm -rf %{buildroot}
%pre
getent group sepgsql >/dev/null || groupadd -r sepgsql
getent passwd sepgsql >/dev/null || \
useradd -r -g sepgsql -d %{_localstatedir}/lib/sepgsql -s /bin/bash \
-c "SE-PostgreSQL server" sepgsql
exit 0
%post
/sbin/chkconfig --add %{name}
/sbin/ldconfig
for selinuxvariant in %{selinux_variants}
do
%{_sbindir}/semodule -s ${selinuxvariant} -l >& /dev/null || continue;
%{_sbindir}/semodule -s ${selinuxvariant} -l | egrep -q '^%{name}' && \
%{_sbindir}/semodule -s ${selinuxvariant} -r %{name} >& /dev/null || :
%{_sbindir}/semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{name}.pp >& /dev/null || :
done
# Fix up non-standard file contexts
/sbin/fixfiles -R %{name} restore || :
/sbin/restorecon -R %{_localstatedir}/lib/sepgsql || :
%preun
if [ $1 -eq 0 ]; then # rpm -e case
/sbin/service %{name} condstop >/dev/null 2>&1
/sbin/chkconfig --del %{name}
fi
%postun
/sbin/ldconfig
if [ $1 -ge 1 ]; then # rpm -U case
/sbin/service %{name} condrestart >/dev/null 2>&1 || :
fi
if [ $1 -eq 0 ]; then # rpm -e case
for selinuxvariant in %{selinux_variants}
do
%{_sbindir}/semodule -s ${selinuxvariant} -l >& /dev/null || continue;
%{_sbindir}/semodule -s ${selinuxvariant} -l | egrep -q '^%{name}' && \
%{_sbindir}/semodule -s ${selinuxvariant} -r %{name} >& /dev/null || :
done
/sbin/fixfiles -R %{name} restore || :
test -d %{_localstatedir}/lib/sepgsql && /sbin/restorecon -R %{_localstatedir}/lib/sepgsql || :
fi
%files
%defattr(-,root,root,-)
%doc COPYRIGHT README HISTORY
%{_initrddir}/sepostgresql
%{_bindir}/initdb.sepgsql
%{_bindir}/sepg_ctl
%{_bindir}/sepostgres
%{_bindir}/sepg_dump
%{_bindir}/sepg_dumpall
%{_mandir}/man8/sepostgresql.*
%dir %{_libdir}/sepgsql
%{_libdir}/sepgsql/plpgsql.so
%{_libdir}/sepgsql/*_and_*.so
%dir %{_datadir}/sepgsql
%{_datadir}/sepgsql/postgres.bki
%{_datadir}/sepgsql/postgres.description
%{_datadir}/sepgsql/postgres.shdescription
%{_datadir}/sepgsql/system_views.sql
%{_datadir}/sepgsql/*.sample
%{_datadir}/sepgsql/timezonesets/
%{_datadir}/sepgsql/conversion_create.sql
%{_datadir}/sepgsql/information_schema.sql
%{_datadir}/sepgsql/sql_features.txt
%attr(644,root,root) %{_datadir}/selinux/*/sepostgresql.pp
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/data
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
%changelog
* Thu Aug 28 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.434.beta
- add Requires: postgresql-server, instead of Conflicts: tag
(Some sharable files are removed from sepostgresql package)
* Fri Aug 24 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.429.beta
- add policycoreutils to Requires(post/postun)
- upstreamed selinux-policy got SE-PostgreSQL related object classes definition.
* Sat Aug 18 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.427.beta
- sepg_dumpall uses /usr/bin/sepg_dump
* Fri Aug 17 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.423.beta
- fix policy not to execute sepgsql_user_proc_t from administrative domain
* Fri Aug 10 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.418.beta
- object classes are renamed with "db_" prefix
- /etc/init.d/sepostgresql script is improved.
* Thu Aug 2 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.409.beta
- specfile updated based on the following comments
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249522#c5
* Mon Jul 30 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.407.beta
- fix spec file based on Fedora reviewing process
- add rawhide support
* Mon Jul 23 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.402.beta
- add manpage of sepostgresql
- fix specfile convention for Fedora suitable
* Sun Jul 15 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.398.beta
- SECCLASS_DATABASE is updated (fc7->62, fc6->61)
* Sun Jul 1 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.391.beta
- Mark as a beta version.
* Sat Jun 30 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.384.alpha
- add fallback context support with $SEPGSQL_FALLBACK_CONTEXT
- add sepgsql_enable_users_ddl boolean to restrict sepgsql_sysobj_t
- BUGFIX: incorrect inherited attribute expanding for RECORD type (attno=0)
- BUGFIX: trigger functions were not checked in COPY FROM statement
* Tue Jun 26 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.376.alpha
- add pgaceExecutorStart() to hook ExecutorStart()
* Mon Jun 25 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.372.alpha
- add table name prefix for column name on audit messages
- use security_label_raw_in as an alternative for security_label_in
- add hook for query execution path with SPI_ interface
- add trigger function suppoer
- BUGFIX: remove unnecessary checks for COPY TO/FROM on non-table relation
- BUGFIX: remove unnecessary checks for LOCK on non-table relation
- BUGFIX: incorrect object id for tuples within pg_security
- BUGFIX: CommandCounterIncrement() might be called during heap_create_with_catalog.
- BUGFIX: correct self-deadlock
- update security policy: sepgsql_sysobj_t, sepgsql_user_proc_t, sepgsql_ro_blob_t
* Tue Jun 19 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.351.alpha
- BUGFIX: sepgsql_compute_avc_datum() accessed userspace AVC without
holding any lock.
- improve build scripts.
* Sat Jun 16 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.320.alpha
- update: sepostgresql.pp security policy fot strict/mls suitable
- BUGFIX: column:drop evaluation for ALTER TABLE tbl DROP col; statement
- add --enable-security option for pg_dumpall command
- add {use} permission for table/column/tuple object classes
* Tue May 29 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.306.alpha
- BUGFIX: RangeTblEntry->requiredPerms are polluted.
* Sun May 27 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.304.alpha
- add support for dynamic object class/access vector mapping
- BUGFIX: Lack of implicit labeling on COPY FROM statement for system catalogs
- BUGFIX: Incorrect security context handling for inherited tables
* Fri May 25 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.292.alpha
- add pg_dump/pg_dumpall/pg_restore with --enable-security option
- add support on OUTER JOIN by rewriting query.
- add security_context support on COPY TO/FROM statement
- add unlabeled security context support (enable to obtain /selinux/initial_contexts/*)
- BUGFIX: lack of checks on JOIN ON condition
- BUGFIX: pseudo relation object (sequence, toast, ...) are not handled as database obj.
- BUGFIX: lack of tuple:insert checks at COPY FROM statement
- BUGFIX: server crash when CREATE TABLE command with newly defined CONTEXT = '...'.
* Wed May 16 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.266.alpha
- BUGFIX: incorrect security context of newly generated system object.
- BUGFIX: missing error text when audit log is disabled.
- BUGFIX: incorrect Oid of newly generated tuples within pg_security.
- BUGFIX: sepgsql_enable_audittuple is misconditioned.
- add checks for T_RowExpr/T_RowCompareExpr/T_BooleanTest
T_DistinctExpr/T_ConvertRowtypeExpr
- add support CONTEXT = 'xxx' for CREATE TABLE/FUNCTION/DATABASE statement
* Sun Apr 30 2007 <kaigai at kaigai.gr.jp> - 8.2.4-0.240.alpha
- update base version 8.2.3 -> 8.2.4
- BUGFIX: unexpected expose in OUTER JOIN statement.
add rewrite OUTER JOIN into SUBQUERY to ensure filtering violated tuples.
- BUGFIX: strange operation in text_to_security_label()
- BUGFIX: infinite recursive call on security label -> oid mapping
- BUGFIX: sepgsql_avc_init() is called in policy state monitoring process
to avoid nonsense initialization of avc_shmem.
* Fri Apr 27 2007 <kaigai at kaigai.gr.jp> - 8.2.3-0.232.alpha
- object class numbers were redefined. (SECCLASS_DATABASE got into 61)
- is_selinux_enabled() was cached on the shared memory segment.
- BUGFIX: server went into infinit loop on foreign key constraint.
* Mon Apr 16 2007 <kaigai at kaigai.gr.jp> - 8.2.3-0.226.alpha
- BUGFIX: cases when several variables with same type in a single table
* Sat Apr 07 2007 <kaigai at kaigai.gr.jp> - 8.2.3-0.214.alpha
- add the first implementation of SE-PostgreSQL on PGACE framework
* Wed Mar 21 2007 <kaigai at kaigai.gr.jp> - 8.2.3-0.212.alpha
- BUGFIX: SetOperation didn't handle its subquery correctly.
So, it caused server crash.
* Wed Mar 07 2007 <kaigai at kaigai.gr.jp> - 8.2.3-0.209.alpha
- BUGFIX: var->varlevelsup was ignored, so outer references
from subqueries cause a fault.
* Tue Feb 27 2007 <kaigai at kaigai.gr.jp> - 8.2.3-0.178.alpha
- Initial RPM build
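Review bot: In `%post` the policy module install discards all output and ignores its exit status (`semodule ... -i ... >& /dev/null || :`), so a failed load still leaves the service registered by `chkconfig --add` while the sepostgresql module is missing, and nothing records that. The `-r` on the preceding lines runs first, so when the later `-i` fails an upgrade has already removed the module that was loaded before. How the server behaves without its policy module is not visible in this file, which is one more reason to surface the failure. I would keep the scriptlet non-fatal but report the error, e.g. `%{_sbindir}/semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{name}.pp || echo "%{name}: policy module install failed for ${selinuxvariant}" >&2`.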
--- NEW FILE sepostgresql.te ---
policy_module(sepostgresql, 0.434)
gen_require(`
all_userspace_class_perms
type postgresql_t;
type lib_t, shlib_t;
type unlabeled_t;
attribute domain;
attribute file_type;
')
########################################
#
# Declarations
#
# ---- Booleans ----
gen_tunable(sepgsql_enable_unconfined, true)
gen_tunable(sepgsql_enable_auditallow, false)
gen_tunable(sepgsql_enable_auditdeny, true)
gen_tunable(sepgsql_enable_audittuple, false)
gen_tunable(sepgsql_enable_users_ddl, true)
# ---- Database client type ----
attribute sepgsql_admin_domain;
attribute sepgsql_users_domain;
# ---- Database object type ----
attribute sepgsql_server_type;
attribute sepgsql_database_type;
attribute sepgsql_table_type;
attribute sepgsql_procedure_type;
attribute sepgsql_blob_type;
attribute sepgsql_module_type;
#---------------------------------------
# SE-PostgreSQL userspace-managed objects
# for database class
type sepgsql_db_t, sepgsql_database_type;
# for table/column/tuple class
type sepgsql_table_t, sepgsql_table_type;
type sepgsql_sysobj_t, sepgsql_table_type;
type sepgsql_secret_table_t, sepgsql_table_type;
type sepgsql_ro_table_t, sepgsql_table_type;
type sepgsql_fixed_table_t, sepgsql_table_type;
# for procedure class
type sepgsql_proc_t, sepgsql_procedure_type;
type sepgsql_user_proc_t, sepgsql_procedure_type;
type sepgsql_trusted_proc_t, sepgsql_procedure_type;
# for blob class
type sepgsql_blob_t, sepgsql_blob_type;
type sepgsql_ro_blob_t, sepgsql_blob_type;
type sepgsql_secret_blob_t, sepgsql_blob_type;
#---------------------------------------
# SE-PostgreSQL trusted procedure domain
type sepgsql_trusted_domain_t;
domain_type(sepgsql_trusted_domain_t)
sepgsql_unconfined_domain(sepgsql_trusted_domain_t)
#---------------------------------------
# SE-PostgreSQL loadable shared library modules
sepgsql_module_object(lib_t)
sepgsql_module_object(shlib_t)
#---------------------------------------
# unlabeled object (unlabeled_t)
typeattribute unlabeled_t sepgsql_database_type;
typeattribute unlabeled_t sepgsql_table_type;
typeattribute unlabeled_t sepgsql_procedure_type;
typeattribute unlabeled_t sepgsql_blob_type;
########################################
#
# SE-PostgreSQL server domain's policy
#
optional_policy(`
gen_require(`
type postgresql_t;
')
sepgsql_server_domain(postgresql_t)
')
########################################
#
# SE-PostgreSQL client domains
#
# -- unconfined_t --
optional_policy(`
gen_require(`
type unconfined_t;
')
sepgsql_unconfined_domain(unconfined_t)
')
# -- sysadm_t --
optional_policy(`
gen_require(`
type sysadm_t;
')
sepgsql_unconfined_domain(sysadm_t)
')
# -- user_t --
optional_policy(`
gen_require(`
type user_t;
')
sepgsql_client_domain(user_t)
')
# -- staff_t --
optional_policy(`
gen_require(`
type staff_t;
')
sepgsql_client_domain(staff_t)
')
# -- guest_t --
optional_policy(`
gen_require(`
type guest_t;
')
sepgsql_client_domain(guest_t)
')
# -- httpd_t (PHP script) --
optional_policy(`
gen_require(`
type httpd_t;
')
sepgsql_client_domain(httpd_t)
')
# -- httpd_sys_script_t (CGI script) --
optional_policy(`
gen_require(`
type httpd_sys_script_t;
')
sepgsql_client_domain(httpd_sys_script_t)
')
########################################
#
# SE-PostgreSQL Type Transition
#
type_transition domain domain : db_database sepgsql_db_t;
type_transition { domain - sepgsql_server_type } sepgsql_database_type : db_table sepgsql_table_t;
type_transition sepgsql_server_type sepgsql_database_type : db_table sepgsql_sysobj_t;
type_transition domain sepgsql_database_type : db_blob sepgsql_blob_t;
########################################
#
# SE-PostgreSQL policy for server domain
#
allow sepgsql_server_type self : netlink_selinux_socket create_socket_perms;
selinux_get_fs_mount(sepgsql_server_type)
selinux_get_enforce_mode(sepgsql_server_type)
selinux_validate_context(sepgsql_server_type)
selinux_compute_access_vector(sepgsql_server_type)
selinux_compute_create_context(sepgsql_server_type)
selinux_compute_relabel_context(sepgsql_server_type)
allow sepgsql_server_type sepgsql_database_type : db_database all_db_database_perms;
allow sepgsql_server_type sepgsql_module_type : db_database { install_module };
allow sepgsql_server_type sepgsql_table_type : db_table all_db_table_perms;
allow sepgsql_server_type sepgsql_table_type : db_column all_db_column_perms;
allow sepgsql_server_type sepgsql_table_type : db_tuple all_db_tuple_perms;
allow sepgsql_server_type sepgsql_procedure_type : db_procedure all_db_procedure_perms;
allow sepgsql_server_type sepgsql_blob_type : db_blob all_db_blob_perms;
# type transition for procedure
type_transition sepgsql_server_type sepgsql_database_type : db_procedure sepgsql_proc_t;
########################################
#
# SE-PostgreSQL policy for administrative domain
#
tunable_policy(`sepgsql_enable_unconfined',`
allow sepgsql_admin_domain sepgsql_database_type : db_database all_db_database_perms;
allow sepgsql_admin_domain sepgsql_module_type : db_database { install_module };
allow sepgsql_admin_domain sepgsql_table_type : db_table all_db_table_perms;
allow sepgsql_admin_domain sepgsql_table_type : db_column all_db_column_perms;
allow sepgsql_admin_domain sepgsql_table_type : db_tuple all_db_tuple_perms;
allow sepgsql_admin_domain { sepgsql_procedure_type - sepgsql_user_proc_t } : db_procedure all_db_procedure_perms;
allow sepgsql_admin_domain sepgsql_user_proc_t : db_procedure { create drop getattr setattr relabelfrom relabelto };
allow sepgsql_admin_domain sepgsql_blob_type : db_blob all_db_blob_perms;
allow sepgsql_admin_domain sepgsql_server_type : db_blob { import export };
# type transition for procedure
type_transition sepgsql_admin_domain sepgsql_database_type : db_procedure sepgsql_proc_t;
',`
# type transition for procedure
type_transition sepgsql_admin_domain sepgsql_database_type : db_procedure sepgsql_user_proc_t;
')
########################################
#
# SE-PostgreSQL policy for generic domain
#
allow sepgsql_users_domain sepgsql_db_t : db_database { getattr access };
allow sepgsql_users_domain sepgsql_table_t : db_table { getattr use select update insert delete };
allow sepgsql_users_domain sepgsql_table_t : db_column { getattr use select update insert };
allow sepgsql_users_domain sepgsql_table_t : db_tuple { use select update insert delete };
allow sepgsql_users_domain sepgsql_sysobj_t : db_table { getattr use select };
allow sepgsql_users_domain sepgsql_sysobj_t : db_column { getattr use select };
allow sepgsql_users_domain sepgsql_sysobj_t : db_tuple { use select };
tunable_policy(`sepgsql_enable_users_ddl',`
allow sepgsql_users_domain sepgsql_table_t : db_table { create drop setattr };
allow sepgsql_users_domain sepgsql_table_t : db_column { create drop setattr };
allow sepgsql_users_domain sepgsql_sysobj_t : db_tuple { update insert delete };
')
allow sepgsql_users_domain sepgsql_secret_table_t : db_table { getattr };
allow sepgsql_users_domain sepgsql_secret_table_t : db_column { getattr };
allow sepgsql_users_domain sepgsql_ro_table_t : db_table { getattr use select };
allow sepgsql_users_domain sepgsql_ro_table_t : db_column { getattr use select };
allow sepgsql_users_domain sepgsql_ro_table_t : db_tuple { use select };
allow sepgsql_users_domain sepgsql_fixed_table_t : db_table { getattr use select insert };
allow sepgsql_users_domain sepgsql_fixed_table_t : db_column { getattr use select insert };
allow sepgsql_users_domain sepgsql_fixed_table_t : db_tuple { use select insert };
allow sepgsql_users_domain sepgsql_proc_t : db_procedure { getattr execute };
allow { sepgsql_users_domain - sepgsql_admin_domain} sepgsql_user_proc_t : db_procedure { create drop getattr setattr execute };
allow sepgsql_users_domain sepgsql_trusted_proc_t : db_procedure { getattr execute entrypoint };
allow sepgsql_users_domain sepgsql_blob_t : db_blob { create drop getattr setattr read write };
allow sepgsql_users_domain sepgsql_ro_blob_t : db_blob { getattr read };
allow sepgsql_users_domain sepgsql_secret_blob_t : db_blob { getattr };
# type transition for procedure
type_transition { sepgsql_users_domain - sepgsql_admin_domain } sepgsql_database_type : db_procedure sepgsql_user_proc_t;
# trusted procedure
type_transition sepgsql_users_domain sepgsql_trusted_proc_t : process sepgsql_trusted_domain_t;
allow sepgsql_users_domain sepgsql_trusted_domain_t : process { transition };
########################################
#
# SE-PostgreSQL loadable shared library policy
#
allow sepgsql_database_type sepgsql_module_type : db_database { load_module };
########################################
#
# SE-PostgreSQL audit switch
#
tunable_policy(`sepgsql_enable_auditallow',`
auditallow domain sepgsql_database_type : db_database all_db_database_perms;
auditallow domain sepgsql_table_type : db_table all_db_table_perms;
auditallow domain sepgsql_table_type : db_column all_db_column_perms;
auditallow domain sepgsql_procedure_type : db_procedure all_db_procedure_perms;
auditallow domain sepgsql_blob_type : db_blob all_db_blob_perms;
auditallow domain sepgsql_server_type : db_blob { import export };
auditallow domain file_type : db_database { install_module };
')
tunable_policy(`sepgsql_enable_audittuple && sepgsql_enable_auditallow',`
auditallow domain sepgsql_table_type : db_tuple all_db_tuple_perms;
')
tunable_policy(`! sepgsql_enable_auditdeny',`
dontaudit domain sepgsql_database_type : db_database all_db_database_perms;
dontaudit domain sepgsql_table_type : db_table all_db_table_perms;
dontaudit domain sepgsql_table_type : db_column all_db_column_perms;
dontaudit domain sepgsql_procedure_type : db_procedure all_db_procedure_perms;
dontaudit domain sepgsql_blob_type : db_blob all_db_blob_perms;
dontaudit domain sepgsql_server_type : db_blob { import export };
dontaudit domain file_type : db_database { install_module };
')
tunable_policy(`! sepgsql_enable_audittuple || ! sepgsql_enable_auditdeny',`
dontaudit domain sepgsql_table_type : db_tuple all_db_tuple_perms;
')
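Review bot: `sepgsql_enable_users_ddl` is declared with a default of `true`, and the `tunable_policy` block it guards gives `sepgsql_users_domain` `{ update insert delete }` on `sepgsql_sysobj_t` tuples, in addition to `create drop setattr` on `sepgsql_table_t` tables and columns. The client domains registered earlier in the file include `guest_t`, `httpd_t` and `httpd_sys_script_t`. Assuming `sepgsql_client_domain` (defined in sepostgresql.if, not in this part of the page) adds them to `sepgsql_users_domain`, a guest login or web script can by default modify tuples carrying the label that the server's own `type_transition` assigns to the tables it creates. I would ship `gen_tunable(sepgsql_enable_users_ddl, false)` and let sites that need user DDL enable it. Failing that, add a comment above the tunable such as `# true lets every client domain (incl. httpd_t, guest_t) modify sepgsql_sysobj_t tuples`.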
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore 1 Sep 2007 02:10:32 -0000 1.1
+++ .cvsignore 1 Sep 2007 13:07:32 -0000 1.2
@@ -0,0 +1 @@
+postgresql-8.2.4.tar.gz
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources 1 Sep 2007 02:10:32 -0000 1.1
+++ sources 1 Sep 2007 13:07:32 -0000 1.2
@@ -0,0 +1 @@
+f7f2548c41b87ceb63a495dc47a67440 postgresql-8.2.4.tar.gz