rpms/sepostgresql/devel sepostgresql-policy-8.3.3-2.patch, NONE, 1.1 sepostgresql-pg_dump-8.3.3-2.patch, 1.1, 1.2 sepostgresql-sepgsql-8.3.3-2.patch, 1.1, 1.2 sepostgresql.init, 1.20, 1.21 sepostgresql.spec, 1.21, 1.22 sepostgresql-pgace-8.3.3-2.patch, 1.1, NONE sepostgresql.fc, 1.1, NONE sepostgresql.if, 1.2, NONE sepostgresql.te, 1.20, NONE
KaiGai Kohei (kaigai)
fedora-extras-commits at redhat.com
Fri Jul 11 08:40:20 UTC 2008
Author: kaigai
Update of /cvs/pkgs/rpms/sepostgresql/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv15761
Modified Files:
sepostgresql-pg_dump-8.3.3-2.patch
sepostgresql-sepgsql-8.3.3-2.patch sepostgresql.init
sepostgresql.spec
Added Files:
sepostgresql-policy-8.3.3-2.patch
Removed Files:
sepostgresql-pgace-8.3.3-2.patch sepostgresql.fc
sepostgresql.if sepostgresql.te
Log Message:
update 8.3.x based SE-PostgreSQL which contains backports frmo 8.4devel tree
sepostgresql-policy-8.3.3-2.patch:
--- NEW FILE sepostgresql-policy-8.3.3-2.patch ---
diff -rpNU3 base/src/backend/security/sepgsql/policy/Makefile sepgsql/src/backend/security/sepgsql/policy/Makefile
--- base/src/backend/security/sepgsql/policy/Makefile 1970-01-01 09:00:00.000000000 +0900
+++ sepgsql/src/backend/security/sepgsql/policy/Makefile 2008-07-11 14:10:51.000000000 +0900
@@ -0,0 +1,41 @@
+#
+# contrib/sepgsql_policy/Makefile
+# Makefile of security policy module for SE-PostgreSQL
+#
+top_builddir = ../../../../..
+include $(top_builddir)/src/Makefile.global
+
+policy_basedir := /usr/share/selinux
+policy_makefile := $(policy_basedir)/devel/Makefile
+policy_types := targeted mls
+policy := $(strip $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config))
+package_names := sepostgresql sepostgresql-devel
+prefix_ptn := "s/%%__prefix__%%/$(shell echo $(prefix)|sed 's/\//\\\//g')/g"
+bindir_ptn := "s/%%__bindir__%%/$(shell echo $(bindir)|sed 's/\//\\\//g')/g"
+libdir_ptn := "s/%%__libdir__%%/$(shell echo $(pkglibdir)|sed 's/\//\\\//g')/g"
+
+all:
+ $(foreach pkg, $(package_names), $(foreach p, $(policy_types), $(MAKE) $(MAKEOVERRIDES) policy=$(p) $(pkg).pp;))
+ $(foreach pkg, $(package_names), test -e $(pkg).pp.$(policy) && ln -sf $(pkg).pp.$(policy) $(pkg).pp;)
+
+.install-policy:
+ test -d $(DESTDIR)$(policy_basedir)/$(policy) || install -d $(DESTDIR)$(policy_basedir)/$(policy)
+ $(foreach pkg, $(package_names), install -p -m 644 $(pkg).pp.$(policy) $(DESTDIR)$(policy_basedir)/$(policy)/$(pkg).pp;)
+
+install: all
+ $(foreach p, $(policy_types), $(MAKE) $(MAKEOVERRIDES) policy=$(p) .install-policy;)
+
+%.pp: %.te %.if %.fc
+ rm -f $@
+ $(MAKE) NAME=$(policy) -f $(policy_makefile) $@
+ mv $@ $@.$(policy)
+
+sepostgresql-devel.fc: sepostgresql.fc.template
+ cat $< | grep -v ^/var | sed -e $(prefix_ptn) -e $(bindir_ptn) -e $(libdir_ptn) > $@
+
+sepostgresql.fc: sepostgresql.fc.template
+ cat $< | sed -e $(prefix_ptn) -e $(bindir_ptn) -e $(libdir_ptn) > $@
+
+clean:
+ $(MAKE) -f $(policy_makefile) clean
+ rm -f *.pp.* *.fc
diff -rpNU3 base/src/backend/security/sepgsql/policy/README sepgsql/src/backend/security/sepgsql/policy/README
--- base/src/backend/security/sepgsql/policy/README 1970-01-01 09:00:00.000000000 +0900
+++ sepgsql/src/backend/security/sepgsql/policy/README 2008-07-11 14:10:51.000000000 +0900
@@ -0,0 +1,49 @@
+The security policy module of SE-PostgreSQL
+-------------------------------------------
+
+o Introduction
+
+ We provide two kind of security policy modules.
+
+ One is "sepostgresql.pp" which contains full-set of security policy
+ and suitable for legacy base policy (selinux-policy-3.4.1, or prior).
+
+ The other is "sepostgresql-devel.pp" which provides several booleans
+ for developers, and suitable for newer base policy (selinux-policy-3.4.2,
+ or later).
+
+ In the selinux-policy-3.4.2, most part of the policy got upstreamed.
+ So, we don't need to install "sepostgresql.pp" explicitly on the newer
+ base security policy.
+
+ If you need to run regression test, or (don't) want to generate access
+ logs, install "sepostgresql-devel.pp" and turn on/off booleans.
+
+o Build & Installation
+
+ $ cd src/backend/security/sepgsql/policy
+ $ make
+ $ su
+ # /usr/sbin/semodule -i sepostgresql-devel.pp
+ or
+ # /usr/sbin/semodule -i sepostgresql.pp
+
+o Booleans
+
+- sepgsql_enable_users_ddl (default: on)
+ This boolean enables to control to execute DDL statement come from
+ confined users.
+
+- sepgsql_enable_auditallow (default: off)
+ This boolean enables to generate access allow logs except for tuple
+ level.
+
+- sepgsql_enable_auditdeny (default: on)
+ This boolean enables to generata access denied logs except for tuple
+ level.
+
+- sepgsql_regression_test_mode (default: off)
+ This boolean provides several permission to run regression test on
+ your home directory. It enables to load shared library files deployed
+ on home directory.
+ However, we don't recommend it to turn on in the operation phase.
diff -rpNU3 base/src/backend/security/sepgsql/policy/sepostgresql-devel.if sepgsql/src/backend/security/sepgsql/policy/sepostgresql-devel.if
--- base/src/backend/security/sepgsql/policy/sepostgresql-devel.if 1970-01-01 09:00:00.000000000 +0900
+++ sepgsql/src/backend/security/sepgsql/policy/sepostgresql-devel.if 2008-07-11 14:10:51.000000000 +0900
@@ -0,0 +1 @@
+## There are no interface declaration
diff -rpNU3 base/src/backend/security/sepgsql/policy/sepostgresql-devel.te sepgsql/src/backend/security/sepgsql/policy/sepostgresql-devel.te
--- base/src/backend/security/sepgsql/policy/sepostgresql-devel.te 1970-01-01 09:00:00.000000000 +0900
+++ sepgsql/src/backend/security/sepgsql/policy/sepostgresql-devel.te 2008-07-11 14:10:51.000000000 +0900
@@ -0,0 +1,82 @@
+policy_module(sepostgresql-devel, 3.11)
+
+gen_require(`
+ class db_database all_db_database_perms;
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute domain, home_type;
+ attribute sepgsql_client_type;
+ attribute sepgsql_unconfined_type;
+
+ attribute sepgsql_database_type;
+ attribute sepgsql_table_type;
+ attribute sepgsql_sysobj_table_type;
+ attribute sepgsql_procedure_type;
+ attribute sepgsql_blob_type;
+ attribute sepgsql_module_type;
+')
+
+#################################
+#
+# SE-PostgreSQL Declarations
+#
+
+## <desc>
+## <p>
+## Allow to generate auditallow logs
+## </p>
+## </desc>
+gen_tunable(sepgsql_enable_auditallow, false)
+
+## <desc>
+## <p>
+## Allow to generate auditdeny logs
+## </p>
+## </desc>
+gen_tunable(sepgsql_enable_auditdeny, true)
+
+## <desc>
+## <p>
+## Allow widespread permissions for regression test
+## Don't set TRUE on operation phase
+## </p>
+## </desc>
+gen_tunable(sepgsql_regression_test_mode, false)
+
+########################################
+#
+# SE-PostgreSQL audit switch for debugging
+#
+tunable_policy(`sepgsql_enable_auditallow',`
+ auditallow domain sepgsql_database_type : db_database *;
+ auditallow domain sepgsql_table_type : db_table *;
+ auditallow domain sepgsql_table_type : db_column *;
+ auditallow domain sepgsql_procedure_type : db_procedure *;
+ auditallow domain sepgsql_blob_type : db_blob *;
+ auditallow domain sepgsql_module_type : db_database { install_module };
+ auditallow sepgsql_database_type sepgsql_module_type : db_database { load_module };
+')
+
+tunable_policy(`! sepgsql_enable_auditdeny',`
+ dontaudit domain sepgsql_database_type : db_database *;
+ dontaudit domain sepgsql_table_type : db_table *;
+ dontaudit domain sepgsql_table_type : db_column *;
+ dontaudit domain sepgsql_procedure_type : db_procedure *;
+ dontaudit domain sepgsql_blob_type : db_blob *;
+ dontaudit domain sepgsql_module_type : db_database { install_module };
+ dontaudit sepgsql_database_type sepgsql_module_type : db_database { load_module };
+')
+
+########################################
+#
+# SE-PostgreSQL regression test mode switch
+#
+tunable_policy(`sepgsql_regression_test_mode',`
+ allow sepgsql_client_type home_type : db_database { install_module };
+ allow sepgsql_unconfined_type home_type : db_database { install_module };
+ allow sepgsql_database_type home_type : db_database { load_module };
+')
diff -rpNU3 base/src/backend/security/sepgsql/policy/sepostgresql.fc.template sepgsql/src/backend/security/sepgsql/policy/sepostgresql.fc.template
--- base/src/backend/security/sepgsql/policy/sepostgresql.fc.template 1970-01-01 09:00:00.000000000 +0900
+++ sepgsql/src/backend/security/sepgsql/policy/sepostgresql.fc.template 2008-07-11 14:10:51.000000000 +0900
@@ -0,0 +1,15 @@
+#
+# SE-PostgreSQL install path
+#
+%%__prefix__%%(/.*)? -- gen_context(system_u:object_r:usr_t,s0)
+
+%%__bindir__%%/(se)?postgres -- gen_context(system_u:object_r:postgresql_exec_t,s0)
+%%__bindir__%%/(se)?pg_ctl -- gen_context(system_u:object_r:initrc_exec_t,s0)
+%%__bindir__%%/initdb(\.sepgsql)? -- gen_context(system_u:object_r:postgresql_exec_t,s0)
+%%__bindir__%%(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
+
+%%__libdir__%%(/.*)? -- gen_context(system_u:object_r:lib_t,s0)
+
+/var/lib/sepgsql(/.*)? gen_context(system_u:object_r:postgresql_db_t,s0)
+/var/lib/sepgsql/pgstartup\.log gen_context(system_u:object_r:postgresql_log_t,s0)
+/var/log/sepostgresql\.log.* -- gen_context(system_u:object_r:postgresql_log_t,s0)
diff -rpNU3 base/src/backend/security/sepgsql/policy/sepostgresql.if sepgsql/src/backend/security/sepgsql/policy/sepostgresql.if
--- base/src/backend/security/sepgsql/policy/sepostgresql.if 1970-01-01 09:00:00.000000000 +0900
+++ sepgsql/src/backend/security/sepgsql/policy/sepostgresql.if 2008-07-11 17:12:06.000000000 +0900
@@ -0,0 +1,259 @@
+#######################################
+## <summary>
+## The userdomain template for the SE-PostgreSQL.
+## </summary>
+## <desc>
+## This template creates a delivered types which are used
+## for given userdomains.
+## </desc>
+## <param name="userdomain_prefix">
+## <summary>
+## The prefix of the user domain (e.g., user
+## is the prefix for user_t).
+## </summary>
+## </param>
+## <param name="user_domain">
+## <summary>
+## The type of the user domain.
+## </summary>
+## </param>
+## <param name="user_role">
+## <summary>
+## The role associated with the user domain.
+## </summary>
+## </param>
+#
+template(`sepgsql_userdom_template',`
+ gen_require(`
+ class db_database all_db_database_perms;
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute sepgsql_client_type;
+ attribute sepgsql_database_type;
+ attribute sepgsql_sysobj_table_type;
+
+ type sepgsql_trusted_proc_t;
+ type sepgsql_trusted_proc_exec_t;
+ ')
+
+ ########################################
+ #
+ # Declarations
+ #
+
+ typeattribute $2 sepgsql_client_type;
+
+ type $1_sepgsql_blob_t;
+ sepgsql_blob_object($1_sepgsql_blob_t)
+
+ type $1_sepgsql_proc_exec_t;
+ sepgsql_procedure_object($1_sepgsql_proc_exec_t)
+
+ type $1_sepgsql_sysobj_t;
+ sepgsql_system_table_object($1_sepgsql_sysobj_t)
+
+ type $1_sepgsql_table_t;
+ sepgsql_table_object($1_sepgsql_table_t)
+
+ role $3 types sepgsql_trusted_proc_t;
+
+ ##############################
+ #
+ # Client local policy
+ #
+
+ tunable_policy(`sepgsql_enable_users_ddl',`
+ allow $2 $1_sepgsql_table_t : db_table { create drop };
+ type_transition $2 sepgsql_database_type:db_table $1_sepgsql_table_t;
+
+ allow $2 $1_sepgsql_table_t : db_column { create drop };
+
+ allow $2 $1_sepgsql_sysobj_t : db_tuple { update insert delete };
+ type_transition $2 sepgsql_sysobj_table_type:db_tuple $1_sepgsql_sysobj_t;
+ ')
+
+ allow $2 $1_sepgsql_table_t : db_table { getattr setattr use select update insert delete };
+ allow $2 $1_sepgsql_table_t : db_column { getattr setattr use select update insert };
+ allow $2 $1_sepgsql_table_t : db_tuple { use select update insert delete };
+ allow $2 $1_sepgsql_sysobj_t : db_tuple { use select };
+
+ allow $2 $1_sepgsql_proc_exec_t : db_procedure { create drop getattr setattr execute };
+ type_transition $2 sepgsql_database_type:db_procedure $1_sepgsql_proc_exec_t;
+
+ allow $2 $1_sepgsql_blob_t : db_blob { create drop getattr setattr read write };
+ type_transition $2 sepgsql_database_type:db_blob $1_sepgsql_blob_t;
+
+ allow $2 sepgsql_trusted_proc_t:process transition;
+ type_transition $2 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+')
+
+########################################
+## <summary>
+## Marks as a SE-PostgreSQL loadable shared library module
+## </summary>
+## <param name="type">
+## <summary>
+## Type marked as a database object type.
+## </summary>
+## </param>
+#
+interface(`sepgsql_loadable_module',`
+ gen_require(`
+ attribute sepgsql_module_type;
+ ')
+
+ typeattribute $1 sepgsql_module_type;
+')
+
+########################################
+## <summary>
+## Marks as a SE-PostgreSQL database object type
+## </summary>
+## <param name="type">
+## <summary>
+## Type marked as a database object type.
+## </summary>
+## </param>
+#
+interface(`sepgsql_database_object',`
+ gen_require(`
+ attribute sepgsql_database_type;
+ ')
+
+ typeattribute $1 sepgsql_database_type;
+')
+
+########################################
+## <summary>
+## Marks as a SE-PostgreSQL table/column/tuple object type
+## </summary>
+## <param name="type">
+## <summary>
+## Type marked as a table/column/tuple object type.
+## </summary>
+## </param>
+#
+interface(`sepgsql_table_object',`
+ gen_require(`
+ attribute sepgsql_table_type;
+ ')
+
+ typeattribute $1 sepgsql_table_type;
+')
+
+########################################
+## <summary>
+## Marks as a SE-PostgreSQL system table/column/tuple object type
+## </summary>
+## <param name="type">
+## <summary>
+## Type marked as a table/column/tuple object type.
+## </summary>
+## </param>
+#
+interface(`sepgsql_system_table_object',`
+ gen_require(`
+ attribute sepgsql_table_type;
+ attribute sepgsql_sysobj_table_type;
+ ')
+
+ typeattribute $1 sepgsql_table_type;
+ typeattribute $1 sepgsql_sysobj_table_type;
+')
+
+########################################
+## <summary>
+## Marks as a SE-PostgreSQL procedure object type
+## </summary>
+## <param name="type">
+## <summary>
+## Type marked as a database object type.
+## </summary>
+## </param>
+#
+interface(`sepgsql_procedure_object',`
+ gen_require(`
+ attribute sepgsql_procedure_type;
+ ')
+
+ typeattribute $1 sepgsql_procedure_type;
+')
+
+########################################
+## <summary>
+## Marks as a SE-PostgreSQL binary large object type
+## </summary>
+## <param name="type">
+## <summary>
+## Type marked as a database binary large object type.
+## </summary>
+## </param>
+#
+interface(`sepgsql_blob_object',`
+ gen_require(`
+ attribute sepgsql_blob_type;
+ ')
+
+ typeattribute $1 sepgsql_blob_type;
+')
+
+########################################
+## <summary>
+## Allow the specified domain unprivileged accesses to unifined database objects
+## managed by SE-PostgreSQL,
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sepgsql_unpriv_client',`
+ gen_require(`
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute sepgsql_client_type;
+ attribute sepgsql_database_type;
+
+ type sepgsql_table_t;
+ type sepgsql_proc_t;
+ type sepgsql_blob_t;
+
+ type sepgsql_trusted_proc_t;
+ type sepgsql_trusted_proc_exec_t;
+ ')
+
+ typeattribute $1 sepgsql_client_type;
+
+ type_transition $1 sepgsql_database_type:db_table sepgsql_table_t;
+ type_transition $1 sepgsql_database_type:db_procedure sepgsql_proc_t;
+ type_transition $1 sepgsql_database_type:db_blob sepgsql_blob_t;
+
+ type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t;
+ allow $1 sepgsql_trusted_proc_t:process transition;
+')
+
+########################################
+## <summary>
+## Allow the specified domain unconfined accesses to any database objects
+## managed by SE-PostgreSQL,
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`sepgsql_unconfined',`
+ gen_require(`
+ attribute sepgsql_unconfined_type;
+ ')
+
+ typeattribute $1 sepgsql_unconfined_type;
+')
diff -rpNU3 base/src/backend/security/sepgsql/policy/sepostgresql.te sepgsql/src/backend/security/sepgsql/policy/sepostgresql.te
--- base/src/backend/security/sepgsql/policy/sepostgresql.te 1970-01-01 09:00:00.000000000 +0900
+++ sepgsql/src/backend/security/sepgsql/policy/sepostgresql.te 2008-07-11 17:12:06.000000000 +0900
@@ -0,0 +1,308 @@
+policy_module(sepostgresql, 3.11)
+
+gen_require(`
+ class db_database all_db_database_perms;
+ class db_table all_db_table_perms;
+ class db_procedure all_db_procedure_perms;
+ class db_column all_db_column_perms;
+ class db_tuple all_db_tuple_perms;
+ class db_blob all_db_blob_perms;
+
+ attribute domain, home_type;
+ type postgresql_t, unlabeled_t;
+
+ role system_r;
+')
+
+#################################
+#
+# SE-PostgreSQL Declarations
+#
+
+## <desc>
+## <p>
+## Allow to generate auditallow logs
+## </p>
+## </desc>
+gen_tunable(sepgsql_enable_auditallow, false)
+
+## <desc>
+## <p>
+## Allow to generate auditdeny logs
+## </p>
+## </desc>
+gen_tunable(sepgsql_enable_auditdeny, true)
+
+## <desc>
+## <p>
+## Allow unprivileged users to execute DDL statement
+## </p>
+## </desc>
+gen_tunable(sepgsql_enable_users_ddl, true)
+
+## <desc>
+## <p>
+## Allow widespread permissions for regression test
+## Don't set TRUE on operation phase
+## </p>
+## </desc>
+gen_tunable(sepgsql_regression_test_mode, false)
+
+# database clients attribute
+attribute sepgsql_client_type;
+attribute sepgsql_unconfined_type;
+
+# database objects attribute
+attribute sepgsql_database_type;
+attribute sepgsql_table_type;
+attribute sepgsql_sysobj_table_type;
+attribute sepgsql_procedure_type;
+attribute sepgsql_blob_type;
+attribute sepgsql_module_type;
+
+# database object types
+type sepgsql_blob_t;
+sepgsql_blob_object(sepgsql_blob_t)
+
+type sepgsql_db_t;
+sepgsql_database_object(sepgsql_db_t)
+
+type sepgsql_fixed_table_t;
+sepgsql_table_object(sepgsql_fixed_table_t)
+
+type sepgsql_proc_t;
+sepgsql_procedure_object(sepgsql_proc_t)
+
+type sepgsql_ro_blob_t;
+sepgsql_blob_object(sepgsql_ro_blob_t)
+
+type sepgsql_ro_table_t;
+sepgsql_table_object(sepgsql_ro_table_t)
+
+type sepgsql_secret_blob_t;
+sepgsql_blob_object(sepgsql_secret_blob_t)
+
+type sepgsql_secret_table_t;
+sepgsql_table_object(sepgsql_secret_table_t)
+
+type sepgsql_sysobj_t;
+sepgsql_system_table_object(sepgsql_sysobj_t)
+
+type sepgsql_table_t;
+sepgsql_table_object(sepgsql_table_t)
+
+type sepgsql_trusted_proc_exec_t;
+sepgsql_procedure_object(sepgsql_trusted_proc_exec_t)
+
+# Trusted Procedure Domain
+type sepgsql_trusted_proc_t;
+domain_type(sepgsql_trusted_proc_t)
+sepgsql_unconfined(sepgsql_trusted_proc_t)
+role system_r types sepgsql_trusted_proc_t;
+
+########################################
+#
+# SE-PostgreSQL Local Policy
+#
+allow postgresql_t self:netlink_selinux_socket create_socket_perms;
+selinux_get_enforce_mode(postgresql_t)
+selinux_validate_context(postgresql_t)
+selinux_compute_access_vector(postgresql_t)
+selinux_compute_create_context(postgresql_t)
+selinux_compute_relabel_context(postgresql_t)
+seutil_libselinux_linked(postgresql_t)
+
+allow postgresql_t sepgsql_database_type:db_database *;
+type_transition postgresql_t postgresql_t:db_database sepgsql_db_t;
+
+allow postgresql_t sepgsql_module_type:db_database install_module;
+allow postgresql_t sepgsql_table_type:{ db_table db_column db_tuple } *;
+allow postgresql_t sepgsql_procedure_type:db_procedure *;
+allow postgresql_t sepgsql_blob_type:db_blob *;
+
+# server specific type transitions
+type_transition postgresql_t sepgsql_database_type:db_table sepgsql_sysobj_t;
+type_transition postgresql_t sepgsql_database_type:db_procedure sepgsql_proc_t;
+type_transition postgresql_t sepgsql_database_type:db_blob sepgsql_blob_t;
+
+# Database/Loadable module
+allow sepgsql_database_type sepgsql_module_type:db_database load_module;
+
+########################################
+#
+# Rules common to all clients
+#
+
+# Client domain constraint
+allow sepgsql_client_type sepgsql_db_t:db_database { getattr access get_param set_param };
+type_transition sepgsql_client_type sepgsql_client_type:db_database sepgsql_db_t;
+
+allow sepgsql_client_type sepgsql_fixed_table_t:db_table { getattr use select insert };
+allow sepgsql_client_type sepgsql_fixed_table_t:db_column { getattr use select insert };
+allow sepgsql_client_type sepgsql_fixed_table_t:db_tuple { use select insert };
+
+allow sepgsql_client_type sepgsql_table_t:db_table { getattr use select update insert delete };
+allow sepgsql_client_type sepgsql_table_t:db_column { getattr use select update insert };
+allow sepgsql_client_type sepgsql_table_t:db_tuple { use select update insert delete };
+
+allow sepgsql_client_type sepgsql_ro_table_t:db_table { getattr use select };
+allow sepgsql_client_type sepgsql_ro_table_t:db_column { getattr use select };
+allow sepgsql_client_type sepgsql_ro_table_t:db_tuple { use select };
+
+allow sepgsql_client_type sepgsql_secret_table_t:db_table getattr;
+allow sepgsql_client_type sepgsql_secret_table_t:db_column getattr;
+
+allow sepgsql_client_type sepgsql_sysobj_t:db_table { getattr use select };
+allow sepgsql_client_type sepgsql_sysobj_t:db_column { getattr use select };
+allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { use select };
+
+allow sepgsql_client_type sepgsql_proc_t:db_procedure { getattr execute };
+allow sepgsql_client_type sepgsql_trusted_proc_t:db_procedure { getattr execute entrypoint };
+
+allow sepgsql_client_type sepgsql_blob_t:db_blob { create drop getattr setattr read write };
+allow sepgsql_client_type sepgsql_ro_blob_t:db_blob { getattr read };
+allow sepgsql_client_type sepgsql_secret_blob_t:db_blob getattr;
+
+tunable_policy(`sepgsql_enable_users_ddl',`
+ allow sepgsql_client_type sepgsql_table_t:db_table { create drop setattr };
+ allow sepgsql_client_type sepgsql_table_t:db_column { create drop setattr };
+ allow sepgsql_client_type sepgsql_sysobj_t:db_tuple { update insert delete };
+')
+
+########################################
+#
+# Unconfined access to this module
+#
+
+allow sepgsql_unconfined_type sepgsql_database_type:db_database *;
+allow sepgsql_unconfined_type sepgsql_table_type:{ db_table db_column db_tuple } *;
+allow sepgsql_unconfined_type sepgsql_blob_type:db_blob *;
+allow sepgsql_unconfined_type { sepgsql_proc_t sepgsql_trusted_proc_t }:db_procedure *;
+allow sepgsql_unconfined_type sepgsql_procedure_type:db_procedure { create drop getattr setattr relabelfrom relabelto };
+allow sepgsql_unconfined_type sepgsql_module_type:db_database install_module;
+
+type_transition sepgsql_unconfined_type sepgsql_unconfined_type:db_database sepgsql_db_t;
+type_transition sepgsql_unconfined_type sepgsql_database_type:db_table sepgsql_table_t;
+type_transition sepgsql_unconfined_type sepgsql_database_type:db_procedure sepgsql_proc_t;
+type_transition sepgsql_unconfined_type sepgsql_database_type:db_blob sepgsql_blob_t;
+
+
+########################################
+#
+# Allow permission to external domains
+#
+
+# relabelfrom for invalid security context
+allow sepgsql_unconfined_type unlabeled_t:db_database { setattr relabelfrom };
+allow sepgsql_unconfined_type unlabeled_t:db_table { setattr relabelfrom };
+allow sepgsql_unconfined_type unlabeled_t:db_procedure { setattr relabelfrom };
+allow sepgsql_unconfined_type unlabeled_t:db_column { setattr relabelfrom };
+allow sepgsql_unconfined_type unlabeled_t:db_tuple { update relabelfrom };
+allow sepgsql_unconfined_type unlabeled_t:db_blob { setattr relabelfrom };
+
+# administrative client domain
+optional_policy(`
+ gen_require(`
+ type unconfined_t;
+ ')
+ sepgsql_unconfined(unconfined_t)
+')
+
+optional_policy(`
+ gen_require(`
+ type sysadm_t;
+ ')
+ sepgsql_unconfined(sysadm_t)
+')
+
+# unprivilleged client domain
+optional_policy(`
+ gen_require(`
+ type user_t;
+ role user_r;
+ ')
+ sepgsql_userdom_template(user,user_t,user_r)
+')
+
+optional_policy(`
+ gen_require(`
+ type staff_t;
+ role staff_r;
+ ')
+ sepgsql_userdom_template(staff,staff_t,staff_r)
+')
+
+optional_policy(`
+ gen_require(`
+ type guest_t;
+ role guest_r;
+ ')
+ sepgsql_userdom_template(guest,guest_t,guest_r)
+')
+
+optional_policy(`
+ gen_require(`
+ type xguest_t;
+ role xguest_r;
+ ')
+ sepgsql_userdom_template(xguest,xguest_t,xguest_r)
+')
+
+optional_policy(`
+ gen_require(`
+ type httpd_t;
+ ')
+ sepgsql_unpriv_client(httpd_t)
+')
+
+optional_policy(`
+ gen_require(`
+ type httpd_sys_script_t;
+ ')
+ sepgsql_unpriv_client(httpd_sys_script_t)
+')
+
+# SE-PostgreSQL loadable modules
+optional_policy(`
+ gen_require(`
+ type lib_t, textrel_shlib_t;
+ ')
+ sepgsql_loadable_module(lib_t)
+ sepgsql_loadable_module(textrel_shlib_t)
+')
+
+########################################
+#
+# SE-PostgreSQL audit switch for debugging
+#
+tunable_policy(`sepgsql_enable_auditallow',`
+ auditallow domain sepgsql_database_type : db_database *;
+ auditallow domain sepgsql_table_type : db_table *;
+ auditallow domain sepgsql_table_type : db_column *;
+ auditallow domain sepgsql_procedure_type : db_procedure *;
+ auditallow domain sepgsql_blob_type : db_blob *;
+ auditallow domain sepgsql_module_type : db_database { install_module };
+ auditallow sepgsql_database_type sepgsql_module_type : db_database { load_module };
+')
+
+tunable_policy(`! sepgsql_enable_auditdeny',`
+ dontaudit domain sepgsql_database_type : db_database *;
+ dontaudit domain sepgsql_table_type : db_table *;
+ dontaudit domain sepgsql_table_type : db_column *;
+ dontaudit domain sepgsql_procedure_type : db_procedure *;
+ dontaudit domain sepgsql_blob_type : db_blob *;
+ dontaudit domain sepgsql_module_type : db_database { install_module };
+ dontaudit sepgsql_database_type sepgsql_module_type : db_database { load_module };
+')
+
+dontaudit domain { sepgsql_table_type - sepgsql_sysobj_table_type } : db_tuple { use select update insert delete };
+
+########################################
+#
+# SE-PostgreSQL regression test mode switch
+#
+tunable_policy(`sepgsql_regression_test_mode',`
+ allow sepgsql_client_type home_type : db_database { install_module };
+ allow sepgsql_unconfined_type home_type : db_database { install_module };
+ allow sepgsql_database_type home_type : db_database { load_module };
+')
sepostgresql-pg_dump-8.3.3-2.patch:
Index: sepostgresql-pg_dump-8.3.3-2.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql-pg_dump-8.3.3-2.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sepostgresql-pg_dump-8.3.3-2.patch 13 Jun 2008 04:05:55 -0000 1.1
+++ sepostgresql-pg_dump-8.3.3-2.patch 11 Jul 2008 08:39:31 -0000 1.2
@@ -1,13 +1,303 @@
-diff -rpNU3 pgace/src/bin/pg_dump/pg_dump.c sepgsql/src/bin/pg_dump/pg_dump.c
---- pgace/src/bin/pg_dump/pg_dump.c 2008-02-03 01:18:48.000000000 +0900
-+++ sepgsql/src/bin/pg_dump/pg_dump.c 2008-02-03 01:26:35.000000000 +0900
-@@ -118,6 +118,9 @@ static int g_numNamespaces;
+diff -rpNU3 base/src/bin/pg_dump/pg_ace_dump.h sepgsql/src/bin/pg_dump/pg_ace_dump.h
+--- base/src/bin/pg_dump/pg_ace_dump.h 1970-01-01 09:00:00.000000000 +0900
++++ sepgsql/src/bin/pg_dump/pg_ace_dump.h 2008-07-11 14:10:51.000000000 +0900
+@@ -0,0 +1,279 @@
++#ifndef PG_ACE_DUMP_H
++#define PG_ACE_DUMP_H
++
++#include "pg_backup.h"
++#include "pg_dump.h"
++
++#define PG_ACE_FEATURE_NOTHING 0
++#define PG_ACE_FEATURE_SELINUX 1
++
++#define SELINUX_SYSATTR_NAME "security_context"
++
++/*
++ * pg_ace_dumpCheckServerFeature
++ *
++ * This hook checks whether the server has required feature, or not.
++ */
++static inline void
++pg_ace_dumpCheckServerFeature(int feature, PGconn *conn)
++{
++ const char *serv_feature;
++
++ if (feature == PG_ACE_FEATURE_NOTHING)
++ return;
++
++ serv_feature = PQparameterStatus(conn, "pgace_security_feature");
++ if (!serv_feature)
++ {
++ fprintf(stderr, "could not get pgace_feature parameter.\n");
++ exit(1);
++ }
++
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ if (strcmp(serv_feature, "selinux") != 0)
++ {
++ fprintf(stderr, "server does not have SELinux feature\n");
++ exit(1);
++ }
++ }
++}
++
++/*
++ * pg_ace_dumpDatabaseXXXX
++ *
++ * These hooks gives a chance to inject a security system column
++ * on dumping pg_database system catalog.
++ * A modified part must have ",d.<security column>" style, and
++ * its result should be printed to buf.
++ */
++static inline const char *
++pg_ace_dumpDatabaseQuery(int feature)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ return (",d." SELINUX_SYSATTR_NAME);
++
++ return "";
++}
++
++static inline void
++pg_ace_dumpDatabasePrint(int feature, PQExpBuffer buf,
++ PGresult *res, int index)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ int i_security = PQfnumber(res, SELINUX_SYSATTR_NAME);
++ char *dbsecurity = PQgetvalue(res, index, i_security);
++
++ if (dbsecurity)
++ appendPQExpBuffer(buf, " SECURITY_CONTEXT = '%s'", dbsecurity);
++ }
++}
++
++/*
++ * pg_ace_dumpClassXXXX
++ *
++ * These hooks give a chance to inject a security system column
++ * on dumping pg_class system catalog. The modified part has to
++ * be formalized to ",c.<security column>" style. The result
++ * should be preserved at TableInfo->relsecurity to print later,
++ * if exist.
++ */
++static inline const char *
++pg_ace_dumpClassQuery(int feature)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ return (",c." SELINUX_SYSATTR_NAME);
++
++ return "";
++}
++
++static inline char *
++pg_ace_dumpClassPreserve(int feature, PGresult *res, int index)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ int attno = PQfnumber(res, SELINUX_SYSATTR_NAME);
++ char *relcontext;
++
++ if (attno < 0)
++ return NULL;
++
++ relcontext = PQgetvalue(res, index, attno);
++
++ return !relcontext ? NULL : strdup(relcontext);
++ }
++
++ return NULL;
++}
++
++static inline void
++pg_ace_dumpClassPrint(int feature, PQExpBuffer buf, TableInfo *tbinfo)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ char *relcontext = tbinfo->relsecurity;
++
++ if (relcontext)
++ appendPQExpBuffer(buf, " SECURITY_CONTEXT = '%s'", relcontext);
++
++ return;
++ }
++}
++
++/*
++ * pg_ace_dumpAttributeXXXX
++ *
++ * These hooks give a chance to inject a security system column
++ * on dumping pg_attribute system catalog. The modified part has
++ * to be formalized to ",a.<security conlumn>" style. The result
++ * should be preserved at TableInfo->attsecurity[index] to print
++ * later, if exist.
++ */
++static inline const char *
++pg_ace_dumpAttributeQuery(int feature)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ return (",a." SELINUX_SYSATTR_NAME);
++
++ return "";
++}
++
++static inline char *
++pg_ace_dumpAttributePreserve(int feature, PGresult *res, int index)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ int attno = PQfnumber(res, SELINUX_SYSATTR_NAME);
++ char *attcontext;
++
++ if (attno < 0)
++ return NULL;
++
++ attcontext = PQgetvalue(res, index, attno);
++
++ return !attcontext ? NULL : strdup(attcontext);
++ }
++
++ return NULL;
++}
++
++static inline void
++pg_ace_dumpAttributePrint(int feature, PQExpBuffer buf,
++ TableInfo *tbinfo, int index)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ char *relcontext = tbinfo->relsecurity;
++ char *attcontext = tbinfo->attsecurity[index];
++
++ if (attcontext)
++ {
++ if (relcontext && strcmp(relcontext, attcontext) == 0)
++ return;
++
++ appendPQExpBuffer(buf, " SECURITY_CONTEXT = '%s'", attcontext);
++ }
++ return;
++ }
++}
++
++/*
++ * pg_ace_dumpProcXXXX
++ *
++ * These hooks give a chance to inject a security system column
++ * on dumping pg_proc system catalog. The modified part has to be
++ * formalized to "<security conlumn>" style. The result should be
++ * printed later, if exist.
++ */
++static inline const char *
++pg_ace_dumpProcQuery(int feature)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ return ("," SELINUX_SYSATTR_NAME);
++
++ return "";
++}
++
++static inline void
++pg_ace_dumpProcPrint(int feature, PQExpBuffer buf,
++ PGresult *res, int index)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ int i_selinux = PQfnumber(res, SELINUX_SYSATTR_NAME);
++ char *prosecurity;
++
++ if (i_selinux < 0)
++ return;
++
++ prosecurity = PQgetvalue(res, index, i_selinux);
++ if (prosecurity)
++ appendPQExpBuffer(buf, " SECURITY_CONTEXT = '%s'", prosecurity);
++ }
++}
++
++/*
++ * pg_ace_dumpTableDataQuery
++ *
++ * This hook gives a chance to inject a security attribute system column
++ * on dumping of user's table.
++ * It must have ",<security column>" style.
++ */
++static inline const char *
++pg_ace_dumpTableDataQuery(int feature)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ return ("," SELINUX_SYSATTR_NAME);
++
++ return "";
++}
++
++/*
++ * pg_ace_dumpCopyColumnList
++ *
++ * This hook gives a chance to inject a security attribute column within
++ * COPY statement. When a column is added, you have to return true. It
++ * enables to set needComma 'true', otherwise 'false'.
++ */
++static inline bool
++pg_ace_dumpCopyColumnList(int feature, PQExpBuffer buf)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ appendPQExpBuffer(buf, SELINUX_SYSATTR_NAME);
++ return true;
++ }
++
++ return false;
++}
++
++/*
++ * pg_ace_dumpBlobComments
++ *
++ * This hook gives a chance to inject a query to restore a security
++ * attribute of binary large object.
++ */
++static inline void
++pg_ace_dumpBlobComments(int feature, Archive *AH, PGconn *conn, Oid blobOid)
++{
++ if (feature == PG_ACE_FEATURE_SELINUX)
++ {
++ PGresult *res;
++ char query[256];
++
++ snprintf(query, sizeof(query),
++ "SELECT lo_get_security(%u)", blobOid);
++ res = PQexec(conn, query);
++ if (!res)
++ return;
++
++ if (PQresultStatus(res) == PGRES_TUPLES_OK && PQntuples(res) == 1)
++ archprintf(AH, "SELECT lo_set_security(%u, '%s');\n",
++ blobOid, PQgetvalue(res, 0, 0));
++
++ PQclear(res);
++ }
++}
++
++#endif
+diff -rpNU3 base/src/bin/pg_dump/pg_dump.c sepgsql/src/bin/pg_dump/pg_dump.c
+--- base/src/bin/pg_dump/pg_dump.c 2008-02-03 01:11:28.000000000 +0900
++++ sepgsql/src/bin/pg_dump/pg_dump.c 2008-07-11 14:10:51.000000000 +0900
+@@ -50,6 +50,7 @@ int optreset;
+
+ #include "pg_backup_archiver.h"
+ #include "dumputils.h"
++#include "pg_ace_dump.h"
+
+ extern char *optarg;
+ extern int optind,
+@@ -118,6 +119,8 @@ static int g_numNamespaces;
/* flag to turn on/off dollar quoting */
static int disable_dollar_quoting = 0;
-+/* flag to tuen on/off SE-PostgreSQL support */
-+#define SELINUX_SYSATTR_NAME "security_context"
-+static int enable_selinux = 0;
++/* flag to turn on/off security attribute support */
++static int pg_ace_feature = PG_ACE_FEATURE_NOTHING;
static void help(const char *progname);
static void expand_schema_name_patterns(SimpleStringList *patterns,
@@ -15,7 +305,7 @@
{"disable-dollar-quoting", no_argument, &disable_dollar_quoting, 1},
{"disable-triggers", no_argument, &disable_triggers, 1},
{"use-set-session-authorization", no_argument, &use_setsessauth, 1},
-+ {"enable-selinux", no_argument, &enable_selinux, 1},
++ {"security-context", no_argument, &pg_ace_feature, PG_ACE_FEATURE_SELINUX},
{NULL, 0, NULL, 0}
};
@@ -23,79 +313,45 @@
disable_triggers = 1;
else if (strcmp(optarg, "use-set-session-authorization") == 0)
use_setsessauth = 1;
-+ else if (strcmp(optarg, "enable-selinux") == 0)
-+ enable_selinux = 1;
++ else if (strcmp(optarg, "security-context") == 0)
++ pg_ace_feature = PG_ACE_FEATURE_SELINUX;
else
{
fprintf(stderr,
-@@ -549,6 +555,24 @@ main(int argc, char **argv)
+@@ -549,6 +555,8 @@ main(int argc, char **argv)
std_strings = PQparameterStatus(g_conn, "standard_conforming_strings");
g_fout->std_strings = (std_strings && strcmp(std_strings, "on") == 0);
-+ if (enable_selinux) {
-+ /* confirm whther server support SELinux features */
-+ const char *tmp = PQparameterStatus(g_conn, "security_sysattr_name");
-+
-+ if (!tmp) {
-+ write_msg(NULL, "could not get security_sysattr_name from libpq\n");
-+ exit(1);
-+ }
-+ if (!!strcmp(SELINUX_SYSATTR_NAME, tmp) != 0) {
-+ write_msg(NULL, "server does not have SELinux feature\n");
-+ exit(1);
-+ }
-+ if (g_fout->remoteVersion < 80204) {
-+ write_msg(NULL, "server version is too old (%u)\n", g_fout->remoteVersion);
-+ exit(1);
-+ }
-+ }
++ pg_ace_dumpCheckServerFeature(pg_ace_feature, g_conn);
+
/* Set the datestyle to ISO to ensure the dump's portability */
do_sql_command(g_conn, "SET DATESTYLE = ISO");
-@@ -771,6 +795,7 @@ help(const char *progname)
+@@ -771,6 +779,7 @@ help(const char *progname)
printf(_(" --use-set-session-authorization\n"
" use SESSION AUTHORIZATION commands instead of\n"
" ALTER OWNER commands to set ownership\n"));
-+ printf(_(" --enable-selinux enable to dump security context in SE-PostgreSQL\n"));
++ printf(_(" --security-context enable to dump security context of SE-PostgreSQL\n"));
printf(_("\nConnection options:\n"));
printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
-@@ -1160,7 +1185,8 @@ dumpTableData_insert(Archive *fout, void
+@@ -1160,7 +1169,8 @@ dumpTableData_insert(Archive *fout, void
if (fout->remoteVersion >= 70100)
{
appendPQExpBuffer(q, "DECLARE _pg_dump_cursor CURSOR FOR "
- "SELECT * FROM ONLY %s",
+ "SELECT * %s FROM ONLY %s",
-+ (!enable_selinux ? "" : "," SELINUX_SYSATTR_NAME),
++ pg_ace_dumpTableDataQuery(pg_ace_feature),
fmtQualifiedId(tbinfo->dobj.namespace->dobj.name,
classname));
}
-@@ -1774,11 +1800,32 @@ dumpBlobComments(Archive *AH, void *arg)
+@@ -1774,11 +1784,14 @@ dumpBlobComments(Archive *AH, void *arg)
Oid blobOid;
char *comment;
+ blobOid = atooid(PQgetvalue(res, i, 0));
+
-+ /* dump security context of binary large object */
-+ if (enable_selinux) {
-+ PGresult *__res;
-+ char query[512];
-+
-+ snprintf(query, sizeof(query),
-+ "SELECT lo_get_security(%u)", blobOid);
-+ __res = PQexec(g_conn, query);
-+ check_sql_result(__res, g_conn, query, PGRES_TUPLES_OK);
-+
-+ if (PQntuples(__res) != 1) {
-+ write_msg(NULL, "lo_get_security(%u) returns %d tuples\n",
-+ blobOid, PQntuples(__res));
-+ exit_nicely();
-+ }
-+ archprintf(AH, "SELECT lo_set_security(%u, '%s');\n",
-+ blobOid, PQgetvalue(__res, 0, 0));
-+ PQclear(__res);
-+ }
++ pg_ace_dumpBlobComments(pg_ace_feature, AH, g_conn, blobOid);
+
/* ignore blobs without comments */
if (PQgetisnull(res, i, 1))
@@ -105,15 +361,7 @@
comment = PQgetvalue(res, i, 1);
printfPQExpBuffer(commentcmd, "COMMENT ON LARGE OBJECT %u IS ",
-@@ -2886,6 +2933,7 @@ getTables(int *numTables)
- int i_owning_col;
- int i_reltablespace;
- int i_reloptions;
-+ int i_selinux;
-
- /* Make sure we are in proper schema */
- selectSourceSchema("pg_catalog");
-@@ -2926,6 +2974,7 @@ getTables(int *numTables)
+@@ -2926,6 +2939,7 @@ getTables(int *numTables)
"d.refobjsubid as owning_col, "
"(SELECT spcname FROM pg_tablespace t WHERE t.oid = c.reltablespace) AS reltablespace, "
"array_to_string(c.reloptions, ', ') as reloptions "
@@ -121,41 +369,23 @@
"from pg_class c "
"left join pg_depend d on "
"(c.relkind = '%c' and "
-@@ -2935,6 +2984,7 @@ getTables(int *numTables)
+@@ -2935,6 +2949,7 @@ getTables(int *numTables)
"where relkind in ('%c', '%c', '%c', '%c') "
"order by c.oid",
username_subquery,
-+ (!enable_selinux ? "" : ",c." SELINUX_SYSATTR_NAME),
++ pg_ace_dumpClassQuery(pg_ace_feature),
RELKIND_SEQUENCE,
RELKIND_RELATION, RELKIND_SEQUENCE,
RELKIND_VIEW, RELKIND_COMPOSITE_TYPE);
-@@ -3101,6 +3151,7 @@ getTables(int *numTables)
- i_owning_col = PQfnumber(res, "owning_col");
- i_reltablespace = PQfnumber(res, "reltablespace");
- i_reloptions = PQfnumber(res, "reloptions");
-+ i_selinux = PQfnumber(res, SELINUX_SYSATTR_NAME);
-
- for (i = 0; i < ntups; i++)
- {
-@@ -3131,6 +3182,9 @@ getTables(int *numTables)
+@@ -3131,6 +3146,7 @@ getTables(int *numTables)
}
tblinfo[i].reltablespace = strdup(PQgetvalue(res, i, i_reltablespace));
tblinfo[i].reloptions = strdup(PQgetvalue(res, i, i_reloptions));
-+ tblinfo[i].relsecurity = NULL;
-+ if (i_selinux >= 0)
-+ tblinfo[i].relsecurity = strdup(PQgetvalue(res, i, i_selinux));
++ tblinfo[i].relsecurity = pg_ace_dumpClassPreserve(pg_ace_feature, res, i);
/* other fields were zeroed above */
-@@ -4319,6 +4373,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
- int i_atthasdef;
- int i_attisdropped;
- int i_attislocal;
-+ int i_attselinux;
- PGresult *res;
- int ntups;
- bool hasdefaults;
-@@ -4362,11 +4417,13 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4362,11 +4378,13 @@ getTableAttrs(TableInfo *tblinfo, int nu
appendPQExpBuffer(q, "SELECT a.attnum, a.attname, a.atttypmod, a.attstattarget, a.attstorage, t.typstorage, "
"a.attnotnull, a.atthasdef, a.attisdropped, a.attislocal, "
"pg_catalog.format_type(t.oid,a.atttypmod) as atttypname "
@@ -165,19 +395,11 @@
"where a.attrelid = '%u'::pg_catalog.oid "
"and a.attnum > 0::pg_catalog.int2 "
"order by a.attrelid, a.attnum",
-+ (!enable_selinux ? "" : ",a." SELINUX_SYSATTR_NAME),
++ pg_ace_dumpAttributeQuery(pg_ace_feature),
tbinfo->dobj.catId.oid);
}
else if (g_fout->remoteVersion >= 70100)
-@@ -4415,6 +4472,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
- i_atthasdef = PQfnumber(res, "atthasdef");
- i_attisdropped = PQfnumber(res, "attisdropped");
- i_attislocal = PQfnumber(res, "attislocal");
-+ i_attselinux = PQfnumber(res, SELINUX_SYSATTR_NAME);
-
- tbinfo->numatts = ntups;
- tbinfo->attnames = (char **) malloc(ntups * sizeof(char *));
-@@ -4425,6 +4483,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4425,6 +4443,7 @@ getTableAttrs(TableInfo *tblinfo, int nu
tbinfo->typstorage = (char *) malloc(ntups * sizeof(char));
tbinfo->attisdropped = (bool *) malloc(ntups * sizeof(bool));
tbinfo->attislocal = (bool *) malloc(ntups * sizeof(bool));
@@ -185,97 +407,67 @@
tbinfo->notnull = (bool *) malloc(ntups * sizeof(bool));
tbinfo->attrdefs = (AttrDefInfo **) malloc(ntups * sizeof(AttrDefInfo *));
tbinfo->inhAttrs = (bool *) malloc(ntups * sizeof(bool));
-@@ -4456,6 +4515,11 @@ getTableAttrs(TableInfo *tblinfo, int nu
+@@ -4456,6 +4475,8 @@ getTableAttrs(TableInfo *tblinfo, int nu
tbinfo->inhAttrs[j] = false;
tbinfo->inhAttrDef[j] = false;
tbinfo->inhNotNull[j] = false;
+
-+ /* security attribute, if defined */
-+ tbinfo->attsecurity[j] = NULL;
-+ if (i_attselinux >= 0 && !PQgetisnull(res, j, i_attselinux))
-+ tbinfo->attsecurity[j] = strdup(PQgetvalue(res, j, i_attselinux));
++ tbinfo->attsecurity[j] = pg_ace_dumpAttributePreserve(pg_ace_feature, res, j);
}
PQclear(res);
-@@ -6428,6 +6492,7 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
- char *proconfig;
- char *procost;
- char *prorows;
-+ char *proselinux = NULL;
- char *lanname;
- char *rettypename;
- int nallargs;
-@@ -6459,8 +6524,10 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6459,8 +6480,10 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
"provolatile, proisstrict, prosecdef, "
"proconfig, procost, prorows, "
"(SELECT lanname FROM pg_catalog.pg_language WHERE oid = prolang) as lanname "
+ "%s " /* security context, if required */
"FROM pg_catalog.pg_proc "
"WHERE oid = '%u'::pg_catalog.oid",
-+ (!enable_selinux ? "" : "," SELINUX_SYSATTR_NAME),
++ pg_ace_dumpProcQuery(pg_ace_feature),
finfo->dobj.catId.oid);
}
else if (g_fout->remoteVersion >= 80100)
-@@ -6562,6 +6629,13 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
- prorows = PQgetvalue(res, 0, PQfnumber(res, "prorows"));
- lanname = PQgetvalue(res, 0, PQfnumber(res, "lanname"));
-
-+ if (enable_selinux) {
-+ int i_selinux = PQfnumber(res, "security_context");
-+
-+ if (i_selinux >= 0 && !PQgetisnull(res, 0, i_selinux))
-+ proselinux = PQgetvalue(res, 0, i_selinux);
-+ }
-+
- /*
- * See backend/commands/define.c for details of how the 'AS' clause is
- * used.
-@@ -6698,6 +6772,9 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
+@@ -6698,6 +6721,8 @@ dumpFunc(Archive *fout, FuncInfo *finfo)
if (prosecdef[0] == 't')
appendPQExpBuffer(q, " SECURITY DEFINER");
-+ if (proselinux)
-+ appendPQExpBuffer(q, " CONTEXT = '%s'", proselinux);
++ pg_ace_dumpProcPrint(pg_ace_feature, q, res, 0);
+
/*
* COST and ROWS are emitted only if present and not default, so as not to
* break backwards-compatibility of the dump without need. Keep this code
-@@ -8779,6 +8856,9 @@ dumpTableSchema(Archive *fout, TableInfo
+@@ -8779,6 +8804,8 @@ dumpTableSchema(Archive *fout, TableInfo
if (tbinfo->notnull[j] && !tbinfo->inhNotNull[j])
appendPQExpBuffer(q, " NOT NULL");
-+ if (enable_selinux && tbinfo->attsecurity[j])
-+ appendPQExpBuffer(q, " CONTEXT = '%s'", tbinfo->attsecurity[j]);
++ pg_ace_dumpAttributePrint(pg_ace_feature, q, tbinfo, j);
+
actual_atts++;
}
}
-@@ -8826,6 +8906,9 @@ dumpTableSchema(Archive *fout, TableInfo
+@@ -8826,6 +8853,8 @@ dumpTableSchema(Archive *fout, TableInfo
if (tbinfo->reloptions && strlen(tbinfo->reloptions) > 0)
appendPQExpBuffer(q, "\nWITH (%s)", tbinfo->reloptions);
-+ if (enable_selinux && tbinfo->relsecurity)
-+ appendPQExpBuffer(q, " CONTEXT = '%s'", tbinfo->relsecurity);
++ pg_ace_dumpClassPrint(pg_ace_feature, q, tbinfo);
+
appendPQExpBuffer(q, ";\n");
/* Loop dumping statistics and storage statements */
-@@ -10243,6 +10326,12 @@ fmtCopyColumnList(const TableInfo *ti)
+@@ -10243,6 +10272,10 @@ fmtCopyColumnList(const TableInfo *ti)
appendPQExpBuffer(q, "(");
needComma = false;
+
-+ if (enable_selinux) {
-+ appendPQExpBuffer(q, SELINUX_SYSATTR_NAME);
++ if (pg_ace_dumpCopyColumnList(pg_ace_feature, q))
+ needComma = true;
-+ }
+
for (i = 0; i < numatts; i++)
{
if (attisdropped[i])
-diff -rpNU3 pgace/src/bin/pg_dump/pg_dump.h sepgsql/src/bin/pg_dump/pg_dump.h
---- pgace/src/bin/pg_dump/pg_dump.h 2008-01-08 01:39:49.000000000 +0900
-+++ sepgsql/src/bin/pg_dump/pg_dump.h 2008-01-10 18:25:12.000000000 +0900
+diff -rpNU3 base/src/bin/pg_dump/pg_dump.h sepgsql/src/bin/pg_dump/pg_dump.h
+--- base/src/bin/pg_dump/pg_dump.h 2008-01-07 23:51:33.000000000 +0900
++++ sepgsql/src/bin/pg_dump/pg_dump.h 2008-06-15 22:27:55.000000000 +0900
@@ -238,6 +238,7 @@ typedef struct _tableInfo
char relkind;
char *reltablespace; /* relation tablespace */
@@ -292,16 +484,23 @@
/*
* Note: we need to store per-attribute notnull, default, and constraint
-diff -rpNU3 pgace/src/bin/pg_dump/pg_dumpall.c sepgsql/src/bin/pg_dump/pg_dumpall.c
---- pgace/src/bin/pg_dump/pg_dumpall.c 2008-01-08 01:39:49.000000000 +0900
-+++ sepgsql/src/bin/pg_dump/pg_dumpall.c 2008-01-10 18:25:12.000000000 +0900
-@@ -67,6 +67,10 @@ static int disable_triggers = 0;
+diff -rpNU3 base/src/bin/pg_dump/pg_dumpall.c sepgsql/src/bin/pg_dump/pg_dumpall.c
+--- base/src/bin/pg_dump/pg_dumpall.c 2008-01-07 23:51:33.000000000 +0900
++++ sepgsql/src/bin/pg_dump/pg_dumpall.c 2008-07-11 14:10:51.000000000 +0900
+@@ -27,6 +27,7 @@ int optreset;
+ #endif
+
+ #include "dumputils.h"
++#include "pg_ace_dump.h"
+
+
+ /* version string we expect back from pg_dump */
+@@ -67,6 +68,9 @@ static int disable_triggers = 0;
static int use_setsessauth = 0;
static int server_version;
-+/* flag to tuen on/off SE-PostgreSQL support */
-+#define SELINUX_SYSATTR_NAME "security_context"
-+static int enable_selinux = 0;
++/* flag to turn on/off security attribute support */
++static int pg_ace_feature = PG_ACE_FEATURE_NOTHING;
+
static FILE *OPF;
static char *filename = NULL;
@@ -310,67 +509,46 @@
{"disable-dollar-quoting", no_argument, &disable_dollar_quoting, 1},
{"disable-triggers", no_argument, &disable_triggers, 1},
{"use-set-session-authorization", no_argument, &use_setsessauth, 1},
-+ {"enable-selinux", no_argument, NULL, 1001},
++ {"security-context", no_argument, &pg_ace_feature, PG_ACE_FEATURE_SELINUX},
{NULL, 0, NULL, 0}
};
-@@ -290,6 +295,10 @@ main(int argc, char *argv[])
+@@ -290,6 +295,8 @@ main(int argc, char *argv[])
appendPQExpBuffer(pgdumpopts, " --disable-triggers");
else if (strcmp(optarg, "use-set-session-authorization") == 0)
/* no-op, still allowed for compatibility */ ;
-+ else if (strcmp(optarg, "enable-selinux") == 0) {
-+ appendPQExpBuffer(pgdumpopts, " --enable-selinux");
-+ enable_selinux = 1;
-+ }
++ else if (strcmp(optarg, "security-context") == 0)
++ pg_ace_feature = PG_ACE_FEATURE_SELINUX;
else
{
fprintf(stderr,
-@@ -300,6 +309,11 @@ main(int argc, char *argv[])
- }
- break;
-
-+ case 1001:
-+ appendPQExpBuffer(pgdumpopts, " --enable-selinux");
-+ enable_selinux = 1;
-+ break;
-+
- case 0:
- break;
+@@ -316,6 +323,8 @@ main(int argc, char *argv[])
+ appendPQExpBuffer(pgdumpopts, " --disable-triggers");
+ if (use_setsessauth)
+ appendPQExpBuffer(pgdumpopts, " --use-set-session-authorization");
++ if (pg_ace_feature == PG_ACE_FEATURE_SELINUX)
++ appendPQExpBuffer(pgdumpopts, " --security-context");
-@@ -391,6 +405,24 @@ main(int argc, char *argv[])
+ if (optind < argc)
+ {
+@@ -391,6 +400,8 @@ main(int argc, char *argv[])
}
}
-+ if (enable_selinux) {
-+ /* confirm whther server support SELinux features */
-+ const char *tmp = PQparameterStatus(conn, "security_sysattr_name");
-+
-+ if (!tmp) {
-+ fprintf(stderr, "could not get security_sysattr_name from libpq\n");
-+ exit(1);
-+ }
-+ if (!!strcmp(SELINUX_SYSATTR_NAME, tmp) != 0) {
-+ fprintf(stderr, "server does not have SELinux feature\n");
-+ exit(1);
-+ }
-+ if (server_version < 80204) {
-+ fprintf(stderr, "server version is too old (%u)\n", server_version);
-+ exit(1);
-+ }
-+ }
++ pg_ace_dumpCheckServerFeature(pg_ace_feature, conn);
+
/*
* Open the output file if required, otherwise use stdout
*/
-@@ -505,6 +537,7 @@ help(void)
+@@ -505,6 +516,7 @@ help(void)
printf(_(" --use-set-session-authorization\n"
" use SESSION AUTHORIZATION commands instead of\n"
" OWNER TO commands\n"));
-+ printf(_(" --enable-selinux enable to dump security attribute\n"));
++ printf(_(" --security-context enables to dump security context of SE-PostgreSQL\n"));
printf(_("\nConnection options:\n"));
printf(_(" -h, --host=HOSTNAME database server host or socket directory\n"));
-@@ -915,16 +948,18 @@ dumpCreateDB(PGconn *conn)
+@@ -915,16 +927,18 @@ dumpCreateDB(PGconn *conn)
fprintf(OPF, "--\n-- Database creation\n--\n\n");
if (server_version >= 80100)
@@ -385,14 +563,14 @@
"FROM pg_database d LEFT JOIN pg_authid u ON (datdba = u.oid) "
- "WHERE datallowconn ORDER BY 1");
+ "WHERE datallowconn ORDER BY 1",
-+ (!enable_selinux ? "" : "d." SELINUX_SYSATTR_NAME));
++ pg_ace_dumpDatabaseQuery(pg_ace_feature));
else if (server_version >= 80000)
- res = executeQuery(conn,
+ appendPQExpBuffer(buf,
"SELECT datname, "
"coalesce(usename, (select usename from pg_shadow where usesysid=(select datdba from pg_database where datname='template0'))), "
"pg_encoding_to_char(d.encoding), "
-@@ -933,7 +968,7 @@ dumpCreateDB(PGconn *conn)
+@@ -933,7 +947,7 @@ dumpCreateDB(PGconn *conn)
"FROM pg_database d LEFT JOIN pg_shadow u ON (datdba = usesysid) "
"WHERE datallowconn ORDER BY 1");
else if (server_version >= 70300)
@@ -401,7 +579,7 @@
"SELECT datname, "
"coalesce(usename, (select usename from pg_shadow where usesysid=(select datdba from pg_database where datname='template0'))), "
"pg_encoding_to_char(d.encoding), "
-@@ -942,7 +977,7 @@ dumpCreateDB(PGconn *conn)
+@@ -942,7 +956,7 @@ dumpCreateDB(PGconn *conn)
"FROM pg_database d LEFT JOIN pg_shadow u ON (datdba = usesysid) "
"WHERE datallowconn ORDER BY 1");
else if (server_version >= 70100)
@@ -410,7 +588,7 @@
"SELECT datname, "
"coalesce("
"(select usename from pg_shadow where usesysid=datdba), "
-@@ -958,7 +993,7 @@ dumpCreateDB(PGconn *conn)
+@@ -958,7 +972,7 @@ dumpCreateDB(PGconn *conn)
* Note: 7.0 fails to cope with sub-select in COALESCE, so just deal
* with getting a NULL by not printing any OWNER clause.
*/
@@ -419,7 +597,7 @@
"SELECT datname, "
"(select usename from pg_shadow where usesysid=datdba), "
"pg_encoding_to_char(d.encoding), "
-@@ -968,6 +1003,7 @@ dumpCreateDB(PGconn *conn)
+@@ -968,6 +982,7 @@ dumpCreateDB(PGconn *conn)
"FROM pg_database d "
"ORDER BY 1");
}
@@ -427,20 +605,11 @@
for (i = 0; i < PQntuples(res); i++)
{
-@@ -978,6 +1014,7 @@ dumpCreateDB(PGconn *conn)
- char *dbacl = PQgetvalue(res, i, 4);
- char *dbconnlimit = PQgetvalue(res, i, 5);
- char *dbtablespace = PQgetvalue(res, i, 6);
-+ char *dbsecurity = PQgetvalue(res, i, 7);
- char *fdbname;
-
- fdbname = strdup(fmtId(dbname));
-@@ -1021,6 +1058,9 @@ dumpCreateDB(PGconn *conn)
+@@ -1021,6 +1036,8 @@ dumpCreateDB(PGconn *conn)
appendPQExpBuffer(buf, " CONNECTION LIMIT = %s",
dbconnlimit);
-+ if (enable_selinux && dbsecurity)
-+ appendPQExpBuffer(buf, " CONTEXT = '%s'", dbsecurity);
++ pg_ace_dumpDatabasePrint(pg_ace_feature, buf, res, i);
+
appendPQExpBuffer(buf, ";\n");
sepostgresql-sepgsql-8.3.3-2.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.1 -r 1.2 sepostgresql-sepgsql-8.3.3-2.patch
Index: sepostgresql-sepgsql-8.3.3-2.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql-sepgsql-8.3.3-2.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sepostgresql-sepgsql-8.3.3-2.patch 13 Jun 2008 04:05:55 -0000 1.1
+++ sepostgresql-sepgsql-8.3.3-2.patch 11 Jul 2008 08:39:31 -0000 1.2
@@ -1,6 +1,6 @@
-diff -rpNU3 pgace/configure sepgsql/configure
---- pgace/configure 2008-06-12 23:48:15.000000000 +0900
-+++ sepgsql/configure 2008-06-12 23:52:36.000000000 +0900
+diff -rpNU3 base/configure sepgsql/configure
+--- base/configure 2008-06-12 23:42:03.000000000 +0900
++++ sepgsql/configure 2008-06-14 02:36:58.000000000 +0900
@@ -314,7 +314,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
@@ -18,7 +18,7 @@
--disable-largefile omit support for large files
Optional Packages:
-@@ -4619,6 +4620,118 @@ fi;
+@@ -4619,6 +4620,120 @@ fi;
#
@@ -116,11 +116,13 @@
+echo "$as_me:$LINENO: result: $ac_cv_lib_selinux_getpeercon" >&5
+echo "${ECHO_T}$ac_cv_lib_selinux_getpeercon" >&6
+if test $ac_cv_lib_selinux_getpeercon = yes; then
-+ cat >>confdefs.h <<\_ACEOF
++
++cat >>confdefs.h <<\_ACEOF
+#define SECURITY_SYSATTR_NAME "security_context"
+_ACEOF
+
-+ cat >>confdefs.h <<_ACEOF
++
++cat >>confdefs.h <<_ACEOF
+#define HAVE_SELINUX 1
+_ACEOF
+
@@ -137,7 +139,7 @@
# Elf
#
-@@ -26006,6 +26119,7 @@ s, at with_libxml@,$with_libxml,;t t
+@@ -26006,6 +26121,7 @@ s, at with_libxml@,$with_libxml,;t t
s, at with_libxslt@,$with_libxslt,;t t
s, at with_system_tzdata@,$with_system_tzdata,;t t
s, at with_zlib@,$with_zlib,;t t
@@ -145,10 +147,10 @@
s, at EGREP@,$EGREP,;t t
s, at ELF_SYS@,$ELF_SYS,;t t
s, at LDFLAGS_SL@,$LDFLAGS_SL,;t t
-diff -rpNU3 pgace/configure.in sepgsql/configure.in
---- pgace/configure.in 2008-06-12 23:48:15.000000000 +0900
-+++ sepgsql/configure.in 2008-06-12 23:52:36.000000000 +0900
-@@ -626,6 +626,19 @@ PGAC_ARG_BOOL(with, zlib, yes,
+diff -rpNU3 base/configure.in sepgsql/configure.in
+--- base/configure.in 2008-06-12 23:42:03.000000000 +0900
++++ sepgsql/configure.in 2008-06-14 02:36:58.000000000 +0900
+@@ -626,6 +626,21 @@ PGAC_ARG_BOOL(with, zlib, yes,
AC_SUBST(with_zlib)
#
@@ -158,8 +160,10 @@
+ [ --enable-selinux build with NSA SELinux support])
+if test "$enable_selinux" = yes; then
+ AC_CHECK_LIB(selinux, getpeercon,
-+ AC_DEFINE(SECURITY_SYSATTR_NAME, "security_context")
-+ AC_DEFINE_UNQUOTED(HAVE_SELINUX, 1)
++ AC_DEFINE(SECURITY_SYSATTR_NAME, "security_context",
++ [Enables system column for security attribute support])
++ AC_DEFINE_UNQUOTED(HAVE_SELINUX, 1,
++ [Enables SE-PostgreSQL feature])
+ AC_SUBST(enable_selinux),
+ AC_MSG_ERROR("--enable-selinux requires libselinux."))
+fi
@@ -168,9 +172,792 @@
# Elf
#
-diff -rpNU3 pgace/src/Makefile.global.in sepgsql/src/Makefile.global.in
---- pgace/src/Makefile.global.in 2007-11-18 02:56:38.000000000 +0900
-+++ sepgsql/src/Makefile.global.in 2007-11-22 23:10:13.000000000 +0900
+diff -rpNU3 base/contrib/sepgsql_policy/Makefile sepgsql/contrib/sepgsql_policy/Makefile
+--- base/contrib/sepgsql_policy/Makefile 1970-01-01 09:00:00.000000000 +0900
++++ sepgsql/contrib/sepgsql_policy/Makefile 2008-06-26 11:44:44.000000000 +0900
+@@ -0,0 +1,40 @@
++#
++# contrib/sepgsql_policy/Makefile
++# Makefile of security policy module for SE-PostgreSQL
++#
++top_builddir = ../..
++include $(top_builddir)/src/Makefile.global
++
++policy_basedir := /usr/share/selinux
++policy_makefile := $(policy_basedir)/devel/Makefile
++policy_types := targeted mls
++policy := $(strip $(shell $(AWK) -F= '/^SELINUXTYPE/{ print $$2 }' /etc/selinux/config))
++package_names := sepostgresql sepostgresql-devel
++prefix_ptn := "s/%%__prefix__%%/$(shell echo $(prefix)|sed 's/\//\\\//g')/g"
++bindir_ptn := "s/%%__bindir__%%/$(shell echo $(bindir)|sed 's/\//\\\//g')/g"
++libdir_ptn := "s/%%__libdir__%%/$(shell echo $(pkglibdir)|sed 's/\//\\\//g')/g"
++
++all:
++ $(foreach pkg, $(package_names), $(foreach p, $(policy_types), $(MAKE) $(MAKEOVERRIDES) policy=$(p) $(pkg).pp;))
++ $(foreach pkg, $(package_names), test -e $(pkg).pp.$(policy) && ln -sf $(pkg).pp.$(policy) $(pkg).pp;)
++
++.install-policy:
++ test -d $(DESTDIR)$(policy_basedir)/$(policy) || install -d $(DESTDIR)$(policy_basedir)/$(policy)
++ $(foreach pkg, $(package_names), install -p -m 644 $(pkg).pp.$(policy) $(DESTDIR)$(policy_basedir)/$(policy)/$(pkg).pp;)
++
++install: all
++ $(foreach p, $(policy_types), $(MAKE) $(MAKEOVERRIDES) policy=$(p) .install-policy;)
++
++%.pp: %.te %.if %.fc
++ $(MAKE) NAME=$(policy) -f $(policy_makefile) $@
++ mv $@ $@.$(policy)
++
++sepostgresql-devel.fc: sepostgresql.fc.template
++ cat $< | grep -v ^/var | sed -e $(prefix_ptn) -e $(bindir_ptn) -e $(libdir_ptn) > $@
++
++sepostgresql.fc: sepostgresql.fc.template
++ cat $< | sed -e $(prefix_ptn) -e $(bindir_ptn) -e $(libdir_ptn) > $@
++
++clean:
++ $(MAKE) -f $(policy_makefile) clean
++ rm -f *.pp.* *.fc
+diff -rpNU3 base/contrib/sepgsql_policy/README sepgsql/contrib/sepgsql_policy/README
+--- base/contrib/sepgsql_policy/README 1970-01-01 09:00:00.000000000 +0900
++++ sepgsql/contrib/sepgsql_policy/README 2008-06-19 13:12:15.000000000 +0900
+@@ -0,0 +1,50 @@
++The security policy module of SE-PostgreSQL
++-------------------------------------------
++
++o Introduction
++
++ We provide two kind of security policy modules.
++
++ One is "sepostgresql.pp" which contains full-set of security policy
++ and suitable for legacy base policy (selinux-policy-3.4.1, or prior).
++
++ The other is "sepostgresql-devel.pp" which provides several booleans
++ for developers, and suitable for newer base policy (selinux-policy-3.4.2,
++ or later).
++
++ In the selinux-policy-3.4.2, most part of the policy got upstreamed.
++ So, we don't need to install "sepostgresql.pp" explicitly on the newer
++ base security policy.
++
++ If you need to run regression test, or (don't) want to generate access
++ logs, install "sepostgresql-devel.pp" and turn on/off booleans.
++
++o Build & Installation
++
++ $ cd contrib/sepgsql_policy
++ $ make
++ $ su
++ # /usr/sbin/semodule -i sepostgresql-devel.pp
++ or
++ # /usr/sbin/semodule -i sepostgresql.pp
++
++o Booleans
++
++- sepgsql_enable_users_ddl (default: on)
++ This boolean enables to control to execute DDL statement come from
++ confined users.
++
++- sepgsql_enable_auditallow (default: off)
++ This boolean enables to generate access allow logs except for tuple
++ level.
++
++- sepgsql_enable_auditdeny (default: on)
++ This boolean enables to generata access denied logs except for tuple
++ level.
++
++- sepgsql_regression_test_mode (default: off)
++ This boolean provides several permission to run regression test on
++ your home directory. It enables to load shared library files deployed
++ on home directory.
++ However, we don't recommend it to turn on in the operation phase.
++
+diff -rpNU3 base/contrib/sepgsql_policy/sepostgresql-devel.if sepgsql/contrib/sepgsql_policy/sepostgresql-devel.if
+--- base/contrib/sepgsql_policy/sepostgresql-devel.if 1970-01-01 09:00:00.000000000 +0900
++++ sepgsql/contrib/sepgsql_policy/sepostgresql-devel.if 2008-06-19 13:12:15.000000000 +0900
+@@ -0,0 +1 @@
++## There are no interface declaration
+diff -rpNU3 base/contrib/sepgsql_policy/sepostgresql-devel.te sepgsql/contrib/sepgsql_policy/sepostgresql-devel.te
+--- base/contrib/sepgsql_policy/sepostgresql-devel.te 1970-01-01 09:00:00.000000000 +0900
++++ sepgsql/contrib/sepgsql_policy/sepostgresql-devel.te 2008-06-26 11:44:44.000000000 +0900
+@@ -0,0 +1,82 @@
++policy_module(sepostgresql-devel, 3.11)
++
++gen_require(`
++ class db_database all_db_database_perms;
++ class db_table all_db_table_perms;
++ class db_procedure all_db_procedure_perms;
[...14689 lines suppressed...]
++extern void sepgsqlLargeObjectDrop(Relation rel, HeapTuple tuple, void **pgaceItem);
++
++extern void sepgsqlLargeObjectRead(LargeObjectDesc *lodesc, int length);
++
++extern void sepgsqlLargeObjectWrite(LargeObjectDesc *lodesc, int length);
++
++extern void sepgsqlLargeObjectTruncate(LargeObjectDesc *lodesc, int offset);
++
++extern void sepgsqlLargeObjectImport(Oid loid, int fdesc, const char *filename);
++
++extern void sepgsqlLargeObjectExport(Oid loid, int fdesc, const char *filename);
++
++extern void sepgsqlLargeObjectGetSecurity(Relation rel, HeapTuple tuple);
++
++extern void sepgsqlLargeObjectSetSecurity(Relation rel, HeapTuple newtup, HeapTuple oldtup);
+
+/* Security Label hooks */
-+extern char *sepgsqlSecurityLabelIn(char *context);
-+extern char *sepgsqlSecurityLabelOut(char *context);
-+extern char *sepgsqlSecurityLabelCheckValid(char *context);
-+extern char *sepgsqlSecurityLabelOfLabel(char *context);
-+
-+/* Extended node type hooks */
-+extern Node *sepgsqlCopyObject(Node *node);
-+extern bool sepgsqlOutObject(StringInfo str, Node *node);
-+extern void *sepgsqlReadObject(char *token);
++extern char *sepgsqlTranslateSecurityLabelIn(char *context);
++
++extern char *sepgsqlTranslateSecurityLabelOut(char *context);
++
++extern char *sepgsqlValidateSecurityLabel(char *context);
++
++extern char *sepgsqlSecurityLabelOfLabel(void);
+
+/*
+ * SE-PostgreSQL core functions
-+ * src/backend/security/sepgsql/core.c
++ * src/backend/security/sepgsql/core.c
++ */
++extern bool sepgsqlIsEnabled(void);
++
++extern const security_context_t sepgsqlGetServerContext(void);
++
++extern const security_context_t sepgsqlGetClientContext(void);
++
++extern const security_context_t sepgsqlGetDatabaseContext(void);
++
++extern const security_context_t sepgsqlGetUnlabeledContext(void);
++
++extern const security_context_t sepgsqlSwitchClientContext(security_context_t newcon);
++
++extern Oid sepgsqlGetDatabaseSecurityId(void);
++
++/*
++ * SE-PostgreSQL userspace avc functions
++ * src/backend/security/sepgsql/avc.c
+ */
-+extern bool sepgsqlIsEnabled(void);
-+extern Oid sepgsqlGetServerContext(void);
-+extern Oid sepgsqlGetClientContext(void);
-+extern void sepgsqlSetClientContext(Oid new_ctx);
-+extern Oid sepgsqlGetDatabaseContext(void);
-+extern char *sepgsqlGetDatabaseName(void);
-+
-+/* userspace access vector cache related */
-+extern void sepgsql_avc_permission(Oid ssid, Oid tsid, uint16 tclass,
-+ uint32 perms, char *objname);
-+extern bool sepgsql_avc_permission_noabort(Oid ssid, Oid tsid, uint16 tclass,
-+ uint32 perms, char *objname);
-+extern Oid sepgsql_avc_createcon(Oid ssid, Oid tsid, uint16 tclass);
-+extern Oid sepgsql_avc_relabelcon(Oid ssid, Oid tsid, uint16 tclass);
++extern void sepgsqlAvcInit(void);
++
++extern bool sepgsqlAvcPermission(const security_context_t scon,
++ const security_context_t tcon,
++ security_class_t tclass,
++ access_vector_t perms,
++ const char *objname,
++ bool abort);
++
++extern bool sepgsqlAvcPermissionSid(const security_context_t scon,
++ Oid tsid,
++ security_class_t tclass,
++ access_vector_t perms,
++ const char *objname,
++ bool abort);
++
++extern security_context_t sepgsqlAvcCreateCon(const security_context_t scon,
++ const security_context_t tcon,
++ security_class_t tclass);
++
++extern Oid sepgsqlAvcCreateConSid(const security_context_t scon,
++ Oid tsid,
++ security_class_t tclass);
+
+/*
+ * SE-PostgreSQL permission evaluation related
-+ * src/backend/security/sepgsql/permission.c
++ * src/backend/security/sepgsql/permission.c
+ */
-+extern char *sepgsqlGetTupleName(Oid relid, HeapTuple tuple, NameData *name);
-+extern Oid sepgsqlComputeImplicitContext(Relation rel, HeapTuple tuple);
-+extern bool sepgsqlCheckTuplePerms(Relation rel, HeapTuple tuple, HeapTuple oldtup,
-+ uint32 perms, bool abort);
++extern const char *sepgsqlTupleName(Oid relid, HeapTuple tuple);
++
++extern void sepgsqlSetDefaultContext(Relation rel, HeapTuple tuple);
++
++extern bool sepgsqlCheckTuplePerms(Relation rel, HeapTuple tuple,
++ HeapTuple oldtup, uint32 perms, bool abort);
++
+/*
+ * SE-PostgreSQL SQL FUNCTIONS
+ */
+extern Datum sepgsql_getcon(PG_FUNCTION_ARGS);
-+extern Datum sepgsql_tuple_perms(PG_FUNCTION_ARGS);
-+extern Datum sepgsql_tuple_perms_abort(PG_FUNCTION_ARGS);
-+
-+#endif /* SEPGSQL_H */
++extern Datum sepgsql_getservcon(PG_FUNCTION_ARGS);
++extern Datum sepgsql_get_user(PG_FUNCTION_ARGS);
++extern Datum sepgsql_get_role(PG_FUNCTION_ARGS);
++extern Datum sepgsql_get_type(PG_FUNCTION_ARGS);
++extern Datum sepgsql_get_range(PG_FUNCTION_ARGS);
++extern Datum sepgsql_set_user(PG_FUNCTION_ARGS);
++extern Datum sepgsql_set_role(PG_FUNCTION_ARGS);
++extern Datum sepgsql_set_type(PG_FUNCTION_ARGS);
++extern Datum sepgsql_set_range(PG_FUNCTION_ARGS);
++
++#endif /* SEPGSQL_H */
+diff -rpNU3 base/src/include/storage/fd.h sepgsql/src/include/storage/fd.h
+--- base/src/include/storage/fd.h 2008-01-07 23:51:33.000000000 +0900
++++ sepgsql/src/include/storage/fd.h 2008-06-14 02:36:58.000000000 +0900
+@@ -67,6 +67,7 @@ extern int FileWrite(File file, char *bu
+ extern int FileSync(File file);
+ extern long FileSeek(File file, long offset, int whence);
+ extern int FileTruncate(File file, long offset);
++extern int FileRawDescriptor(File file);
+
+ /* Operations that allow use of regular stdio --- USE WITH CAUTION */
+ extern FILE *AllocateFile(const char *name, const char *mode);
+diff -rpNU3 base/src/include/storage/lwlock.h sepgsql/src/include/storage/lwlock.h
+--- base/src/include/storage/lwlock.h 2008-01-07 23:51:33.000000000 +0900
++++ sepgsql/src/include/storage/lwlock.h 2008-06-14 02:36:58.000000000 +0900
+@@ -63,6 +63,7 @@ typedef enum LWLockId
+ AutovacuumLock,
+ AutovacuumScheduleLock,
+ SyncScanLock,
++ SepgsqlAvcLock,
+ /* Individual lock IDs end here */
+ FirstBufMappingLock,
+ FirstLockMgrLock = FirstBufMappingLock + NUM_BUFFER_PARTITIONS,
+diff -rpNU3 base/src/include/utils/catcache.h sepgsql/src/include/utils/catcache.h
+--- base/src/include/utils/catcache.h 2008-01-07 23:51:33.000000000 +0900
++++ sepgsql/src/include/utils/catcache.h 2008-06-14 02:36:58.000000000 +0900
+@@ -172,6 +172,7 @@ extern HeapTuple SearchCatCache(CatCache
+ Datum v1, Datum v2,
+ Datum v3, Datum v4);
+ extern void ReleaseCatCache(HeapTuple tuple);
++extern void InsertCatCache(CatCache *cache, HeapTuple tuple);
+
+ extern CatCList *SearchCatCacheList(CatCache *cache, int nkeys,
+ Datum v1, Datum v2,
+diff -rpNU3 base/src/include/utils/errcodes.h sepgsql/src/include/utils/errcodes.h
+--- base/src/include/utils/errcodes.h 2008-01-07 23:51:33.000000000 +0900
++++ sepgsql/src/include/utils/errcodes.h 2008-06-14 02:36:58.000000000 +0900
+@@ -339,6 +339,12 @@
+ #define ERRCODE_NO_DATA_FOUND MAKE_SQLSTATE('P','0', '0','0','2')
+ #define ERRCODE_TOO_MANY_ROWS MAKE_SQLSTATE('P','0', '0','0','3')
+
++/* Class SE - Security Error (PGACE/SE-PostgreSQL error class) */
++#define ERRCODE_PGACE_ERROR MAKE_SQLSTATE('S','E', '0','0','0')
++#define ERRCODE_SELINUX_ERROR MAKE_SQLSTATE('S','E', '0','0','1')
++#define ERRCODE_SELINUX_AUDIT MAKE_SQLSTATE('S','E', '0','0','2')
++#define ERRCODE_SELINUX_INFO MAKE_SQLSTATE('S','E', '0','0','3')
++
+ /* Class XX - Internal Error (PostgreSQL-specific error class) */
+ /* (this is for "can't-happen" conditions and software bugs) */
+ #define ERRCODE_INTERNAL_ERROR MAKE_SQLSTATE('X','X', '0','0','0')
+diff -rpNU3 base/src/include/utils/syscache.h sepgsql/src/include/utils/syscache.h
+--- base/src/include/utils/syscache.h 2008-01-07 23:51:33.000000000 +0900
++++ sepgsql/src/include/utils/syscache.h 2008-06-14 02:36:58.000000000 +0900
+@@ -76,6 +76,8 @@
+ #define TSTEMPLATEOID 45
+ #define TYPENAMENSP 46
+ #define TYPEOID 47
++#define SECURITYOID 48
++#define SECURITYLABEL 49
+
+ extern void InitCatalogCache(void);
+ extern void InitCatalogCachePhase2(void);
+@@ -84,6 +86,8 @@ extern HeapTuple SearchSysCache(int cach
+ Datum key1, Datum key2, Datum key3, Datum key4);
+ extern void ReleaseSysCache(HeapTuple tuple);
+
++extern void InsertSysCache(Oid relid, HeapTuple tuple);
++
+ /* convenience routines */
+ extern HeapTuple SearchSysCacheCopy(int cacheId,
+ Datum key1, Datum key2, Datum key3, Datum key4);
Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.init,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- sepostgresql.init 13 Jun 2008 04:05:55 -0000 1.20
+++ sepostgresql.init 11 Jul 2008 08:39:31 -0000 1.21
@@ -9,7 +9,7 @@
PGVERSION="8.3.3"
PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9a-z]*\).*$/\1/'`
-SEPGVERSION="2.869"
+SEPGVERSION="2.952"
# source function library
. /etc/rc.d/init.d/functions
Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.spec,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- sepostgresql.spec 13 Jun 2008 04:05:55 -0000 1.21
+++ sepostgresql.spec 11 Jul 2008 08:39:31 -0000 1.22
@@ -4,39 +4,52 @@
# Copyright 2007 KaiGai Kohei <kaigai at kaigai.gr.jp>
# -----------------------------------------------------
-# SELinux policy types
-%define selinux_variants mls strict targeted
-
# SE-PostgreSQL status extension
+%define selinux_policy_stores targeted mls
+
+# check policy dependency
+%define fullset_policy %(rpm -E '%{dist}' | grep -cE '^\.fc[1-9]$')
+%if %{fullset_policy}
+%define required_policy_version 3.0.6
+%define policy_module_name sepostgresql
+%else
+%define required_policy_version 3.4.2
+%define policy_module_name sepostgresql-devel
+%endif
+
+%{!?ssl:%define ssl 1}
+
Summary: Security Enhanced PostgreSQL
Name: sepostgresql
Version: 8.3.3
-Release: 2.869%{?sepgsql_extension}%{?dist}
+Release: 2.952%{?sepgsql_extension}%{?dist}
License: BSD
Group: Applications/Databases
Url: http://code.google.com/p/sepgsql/
Buildroot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Source0: ftp://ftp.postgresql.org/pub/source/v%{version}/postgresql-%{version}.tar.bz2
Source1: sepostgresql.init
-Source2: sepostgresql.if
-Source3: sepostgresql.te
-Source4: sepostgresql.fc
-Source5: sepostgresql.8
-Source6: sepostgresql.logrotate
-Patch0: sepostgresql-pgace-8.3.3-2.patch
-Patch1: sepostgresql-sepgsql-8.3.3-2.patch
+Source2: sepostgresql.8
+Source3: sepostgresql.logrotate
+Patch0: sepostgresql-sepgsql-8.3.3-2.patch
+Patch1: sepostgresql-policy-8.3.3-2.patch
Patch2: sepostgresql-pg_dump-8.3.3-2.patch
Patch3: sepostgresql-fedora-prefix.patch
BuildRequires: perl glibc-devel bison flex readline-devel zlib-devel >= 1.0.4
-Buildrequires: checkpolicy libselinux-devel >= 2.0.43 selinux-policy-devel selinux-policy >= 3.0.6
+BuildRequires: checkpolicy libselinux-devel >= 2.0.43 selinux-policy-devel
+BuildRequires: selinux-policy >= %{required_policy_version}
+%if %{ssl}
+BuildRequires: openssl-devel
+%endif
Requires(pre): shadow-utils
Requires(post): policycoreutils /sbin/chkconfig
Requires(preun): /sbin/chkconfig /sbin/service
Requires(postun): policycoreutils
Requires: postgresql-server = %{version}
-Requires: policycoreutils >= 2.0.16 libselinux >= 2.0.43 selinux-policy >= 3.0.6
+Requires: policycoreutils >= 2.0.16 libselinux >= 2.0.43
+Requires: selinux-policy >= %{required_policy_version}
Requires: tzdata logrotate
%description
@@ -53,26 +66,17 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
-mkdir selinux-policy
-cp -p %{SOURCE2} %{SOURCE3} %{SOURCE4} selinux-policy
%build
CFLAGS="${CFLAGS:-%optflags}" ; export CFLAGS
CXXFLAGS="${CXXFLAGS:-%optflags}" ; export CXXFLAGS
-# build Binary Policy Module
-pushd selinux-policy
-for selinuxvariant in %{selinux_variants}
-do
- make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile
- mv %{name}.pp %{name}.pp.${selinuxvariant}
- make NAME=${selinuxvariant} -f %{_datadir}/selinux/devel/Makefile clean
-done
-popd
-
# build SE-PostgreSQL
%configure --disable-rpath \
--enable-selinux \
+%if %{ssl}
+ --with-openssl \
+%endif
%if %{defined sepgextension}
--enable-debug \
--enable-cassert \
@@ -83,20 +87,21 @@
# parallel build, if possible
make %{?_smp_mflags}
+# to create empty .fc file
+touch src/backend/security/sepgsql/policy/%{policy_module_name}.fc
+make -C src/backend/security/sepgsql/policy
%install
rm -rf %{buildroot}
-pushd selinux-policy
-for selinuxvariant in %{selinux_variants}
+make DESTDIR=%{buildroot} install
+
+for store in %{selinux_policy_stores}
do
- install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant}
- install -p -m 644 %{name}.pp.${selinuxvariant} \
- %{buildroot}%{_datadir}/selinux/${selinuxvariant}/%{name}.pp
+ install -d %{buildroot}%{_datadir}/selinux/${store}
+ install -p -m 644 src/backend/security/sepgsql/policy/%{policy_module_name}.pp.${store} \
+ %{buildroot}%{_datadir}/selinux/${store}/%{policy_module_name}.pp
done
-popd
-
-make DESTDIR=%{buildroot} install
# avoid to conflict with native postgresql package
mv %{buildroot}%{_bindir} %{buildroot}%{_bindir}.orig
@@ -124,13 +129,13 @@
mkdir -p %{buildroot}%{_initrddir}
install -p -m 755 %{SOURCE1} %{buildroot}%{_initrddir}/sepostgresql
-# /etc/logrotate.d/
-mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
-install -p -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/logrotate.d/sepostgresql
-
# /usr/share/man/*
mkdir -p %{buildroot}%{_mandir}/man8
-install -p -m 644 %{SOURCE5} %{buildroot}%{_mandir}/man8
+install -p -m 644 %{SOURCE2} %{buildroot}%{_mandir}/man8
+
+# /etc/logrotate.d/
+mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
+install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/logrotate.d/sepostgresql
%clean
rm -rf %{buildroot}
@@ -146,13 +151,18 @@
/sbin/chkconfig --add %{name}
/sbin/ldconfig
-for selinuxvariant in %{selinux_variants}
+for store in %{selinux_policy_stores}
do
- %{_sbindir}/semodule -s ${selinuxvariant} -l >& /dev/null || continue;
-
- %{_sbindir}/semodule -s ${selinuxvariant} -l | egrep -q '^%{name}' && \
- %{_sbindir}/semodule -s ${selinuxvariant} -r %{name} >& /dev/null || :
- %{_sbindir}/semodule -s ${selinuxvariant} -i %{_datadir}/selinux/${selinuxvariant}/%{name}.pp >& /dev/null || :
+%if %{fullset_policy}
+ %{_sbindir}/semodule -s ${store} -r %{policy_module_name} >& /dev/null || :
+ %{_sbindir}/semodule -s ${store} \
+ -i %{_datadir}/selinux/${store}/%{policy_module_name}.pp >& /dev/null || :
+%else
+ if %{_sbindir}/semodule -s ${store} -l | grep -Eq "^%{policy_module_name}"; then
+ %{_sbindir}/semodule -s ${store} \
+ -u %{_datadir}/selinux/${store}/%{policy_module_name}.pp >& /dev/null || :
+ fi
+%endif
done
# Fix up non-standard file contexts
@@ -171,12 +181,9 @@
/sbin/service %{name} condrestart >/dev/null 2>&1 || :
fi
if [ $1 -eq 0 ]; then # rpm -e case
- for selinuxvariant in %{selinux_variants}
+ for store in %{selinux_policy_stores}
do
- %{_sbindir}/semodule -s ${selinuxvariant} -l >& /dev/null || continue;
-
- %{_sbindir}/semodule -s ${selinuxvariant} -l | egrep -q '^%{name}' && \
- %{_sbindir}/semodule -s ${selinuxvariant} -r %{name} >& /dev/null || :
+ %{_sbindir}/semodule -s ${store} -r %{policy_module_name} >& /dev/null || :
done
/sbin/fixfiles -R %{name} restore || :
test -d %{_localstatedir}/lib/sepgsql && /sbin/restorecon -R %{_localstatedir}/lib/sepgsql || :
@@ -205,12 +212,22 @@
%{_datadir}/sepgsql/conversion_create.sql
%{_datadir}/sepgsql/information_schema.sql
%{_datadir}/sepgsql/sql_features.txt
-%attr(644,root,root) %{_datadir}/selinux/*/sepostgresql.pp
+%attr(644,root,root) %{_datadir}/selinux/*/%{policy_module_name}.pp
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/data
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
%changelog
+* Fri Jul 11 2008 <kaigai at kaigai.gr.jp> - 8.3.3-2.952
+- Security policy module updates
+
+* Fri Jul 11 2008 <kaigai at kaigai.gr.jp> - 8.3.3-2.945
+- Add OpenSSL support
+- backport 8.4devel fixes
+
+* Sun Jun 15 2008 <kaigai at kaigai.gr.jp> - 8.3.3-2.889
+- backport 8.4devel features.
+
* Fri Jun 13 2008 <kaigai at kaigai.gr.jp> - 8.3.3-2.869
- upgrade base PostgreSQL 8.3.1 -> 8.3.3
--- sepostgresql-pgace-8.3.3-2.patch DELETED ---
--- sepostgresql.fc DELETED ---
--- sepostgresql.if DELETED ---
--- sepostgresql.te DELETED ---
More information about the fedora-extras-commits
mailing list