rpms/sepostgresql/devel sepostgresql-core-8.3.patch, 1.2, 1.3 sepostgresql-test-8.3.patch, 1.1, 1.2 sepostgresql.init, 1.33, 1.34 sepostgresql.spec, 1.36, 1.37
KaiGai Kohei
kaigai at fedoraproject.org
Tue Jun 9 07:30:08 UTC 2009
Author: kaigai
Update of /cvs/pkgs/rpms/sepostgresql/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22323
Modified Files:
sepostgresql-core-8.3.patch sepostgresql-test-8.3.patch
sepostgresql.init sepostgresql.spec
Log Message:
backport features and bugfixes from v8.4devel tree.
sepostgresql-core-8.3.patch:
View full diff with command:
/usr/bin/cvs -f diff -kk -u -p -N -r 1.2 -r 1.3 sepostgresql-core-8.3.patch
Index: sepostgresql-core-8.3.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql-core-8.3.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- sepostgresql-core-8.3.patch 28 Mar 2009 02:23:48 -0000 1.2
+++ sepostgresql-core-8.3.patch 9 Jun 2009 07:29:38 -0000 1.3
@@ -1,6 +1,6 @@
diff -rpNU3 base/configure sepgsql-new/configure
---- base/configure 2009-03-15 17:47:25.000000000 +0900
-+++ sepgsql-new/configure 2009-03-15 17:58:10.000000000 +0900
+--- base/configure 2009-05-20 17:08:02.000000000 +0900
++++ sepgsql-new/configure 2009-05-20 17:08:02.000000000 +0900
@@ -314,7 +314,7 @@ ac_includes_default="\
# include <unistd.h>
#endif"
@@ -456,6 +456,73 @@ diff -rpNU3 base/src/backend/access/heap
heap_insert(toastrel, toasttup, mycid, use_wal, use_fsm);
/*
+diff -rpNU3 base/src/backend/access/transam/xact.c sepgsql-new/src/backend/access/transam/xact.c
+--- base/src/backend/access/transam/xact.c 2009-03-15 17:47:25.000000000 +0900
++++ sepgsql-new/src/backend/access/transam/xact.c 2009-05-20 17:35:01.000000000 +0900
+@@ -35,6 +35,7 @@
+ #include "miscadmin.h"
+ #include "pg_trace.h"
+ #include "pgstat.h"
++#include "security/rowlevel.h"
+ #include "storage/fd.h"
+ #include "storage/lmgr.h"
+ #include "storage/procarray.h"
+@@ -137,6 +138,7 @@ typedef struct TransactionStateData
+ Oid prevUser; /* previous CurrentUserId setting */
+ bool prevSecDefCxt; /* previous SecurityDefinerContext setting */
+ bool prevXactReadOnly; /* entry-time xact r/o state */
++ int prevRowlv; /* previous Row-level control behavior */
+ struct TransactionStateData *parent; /* back link to parent */
+ } TransactionStateData;
+
+@@ -165,6 +167,7 @@ static TransactionStateData TopTransacti
+ InvalidOid, /* previous CurrentUserId setting */
+ false, /* previous SecurityDefinerContext setting */
+ false, /* entry-time xact r/o state */
++ ROWLV_FILTER_MODE, /* previous Row-level control behavior */
+ NULL /* link to parent state block */
+ };
+
+@@ -1571,6 +1574,7 @@ StartTransaction(void)
+ s->nChildXids = 0;
+ s->maxChildXids = 0;
+ GetUserIdAndContext(&s->prevUser, &s->prevSecDefCxt);
++ s->prevRowlv = rowlvGetPerformingMode();
+ /* SecurityDefinerContext should never be set outside a transaction */
+ Assert(!s->prevSecDefCxt);
+
+@@ -2071,6 +2075,11 @@ AbortTransaction(void)
+ SetUserIdAndContext(s->prevUser, s->prevSecDefCxt);
+
+ /*
++ * Reset behavior of row-level access controls
++ */
++ rowlvSetPerformingMode(s->prevRowlv);
++
++ /*
+ * do abort processing
+ */
+ AfterTriggerEndXact(false);
+@@ -3911,6 +3920,11 @@ AbortSubTransaction(void)
+ SetUserIdAndContext(s->prevUser, s->prevSecDefCxt);
+
+ /*
++ * Reset behavior of row-level access controls
++ */
++ rowlvSetPerformingMode(s->prevRowlv);
++
++ /*
+ * We can skip all this stuff if the subxact failed before creating a
+ * ResourceOwner...
+ */
+@@ -4052,6 +4066,7 @@ PushTransaction(void)
+ s->blockState = TBLOCK_SUBBEGIN;
+ GetUserIdAndContext(&s->prevUser, &s->prevSecDefCxt);
+ s->prevXactReadOnly = XactReadOnly;
++ s->prevRowlv = rowlvGetPerformingMode();
+
+ CurrentTransactionState = s;
+
diff -rpNU3 base/src/backend/bootstrap/bootparse.y sepgsql-new/src/backend/bootstrap/bootparse.y
--- base/src/backend/bootstrap/bootparse.y 2008-01-07 23:51:33.000000000 +0900
+++ sepgsql-new/src/backend/bootstrap/bootparse.y 2009-03-13 18:14:33.000000000 +0900
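Review bot: The row-level mode saved in `prevRowlv` is restored only in AbortTransaction() and AbortSubTransaction(), so on the commit paths the code relies on whoever changed the mode to put it back, and that contract is not written down anywhere in the hunk. A field comment such as `int prevRowlv; /* row-level mode at entry; restored on abort only */` would make it explicit, if that is the intent. StartTransaction() asserts `!s->prevSecDefCxt` right after the save but has no matching check for the row-level mode; if `ROWLV_FILTER_MODE` is the invariant at top-level start (the static initializer suggests so), `Assert(s->prevRowlv == ROWLV_FILTER_MODE);` would catch a relaxed mode leaking across transactions. All four functions start and end outside the hunks shown.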
@@ -553,7 +620,7 @@ diff -rpNU3 base/src/backend/catalog/Mak
)
diff -rpNU3 base/src/backend/catalog/aclchk.c sepgsql-new/src/backend/catalog/aclchk.c
--- base/src/backend/catalog/aclchk.c 2008-06-12 22:34:19.000000000 +0900
-+++ sepgsql-new/src/backend/catalog/aclchk.c 2009-03-13 18:14:33.000000000 +0900
++++ sepgsql-new/src/backend/catalog/aclchk.c 2009-05-20 17:08:02.000000000 +0900
@@ -39,6 +39,7 @@
#include "commands/dbcommands.h"
#include "miscadmin.h"
@@ -562,14 +629,13 @@ diff -rpNU3 base/src/backend/catalog/acl
#include "utils/acl.h"
#include "utils/fmgroids.h"
#include "utils/lsyscache.h"
-@@ -1979,7 +1980,14 @@ AclResult
+@@ -1979,7 +1980,13 @@ AclResult
pg_database_aclcheck(Oid db_oid, Oid roleid, AclMode mode)
{
if (pg_database_aclmask(db_oid, roleid, mode, ACLMASK_ANY) != 0)
+ {
+ /* SELinux: db_database:{access} permission */
-+ if ((mode & ACL_CONNECT) != 0
-+ && !sepgsqlCheckDatabaseAccess(db_oid))
++ if ((mode & ACL_CONNECT) != 0 && !sepgsqlCheckDatabaseAccess(db_oid))
+ return ACLCHECK_NO_PRIV;
+
return ACLCHECK_OK;
@@ -577,14 +643,27 @@ diff -rpNU3 base/src/backend/catalog/acl
else
return ACLCHECK_NO_PRIV;
}
-@@ -1991,7 +1999,14 @@ AclResult
+@@ -1991,7 +1998,13 @@ AclResult
pg_proc_aclcheck(Oid proc_oid, Oid roleid, AclMode mode)
{
if (pg_proc_aclmask(proc_oid, roleid, mode, ACLMASK_ANY) != 0)
+ {
+ /* SELinux: db_procedure:{execute} permission */
-+ if ((mode & ACL_EXECUTE) != 0
-+ && !sepgsqlCheckProcedureExecute(proc_oid))
++ if ((mode & ACL_EXECUTE) != 0 && !sepgsqlCheckProcedureExecute(proc_oid))
++ return ACLCHECK_NO_PRIV;
++
+ return ACLCHECK_OK;
++ }
+ else
+ return ACLCHECK_NO_PRIV;
+ }
+@@ -2015,7 +2028,13 @@ AclResult
+ pg_namespace_aclcheck(Oid nsp_oid, Oid roleid, AclMode mode)
+ {
+ if (pg_namespace_aclmask(nsp_oid, roleid, mode, ACLMASK_ANY) != 0)
++ {
++ /* SELinux: db_schema:{search} permission */
++ if ((mode & ACL_USAGE) && !sepgsqlCheckSchemaSearch(nsp_oid))
+ return ACLCHECK_NO_PRIV;
+
return ACLCHECK_OK;
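Review bot: The new schema hook in pg_namespace_aclcheck() tests `(mode & ACL_USAGE)` bare, while the database and procedure hooks just above write `(mode & ACL_CONNECT) != 0` and `(mode & ACL_EXECUTE) != 0`; use `if ((mode & ACL_USAGE) != 0 && !sepgsqlCheckSchemaSearch(nsp_oid))` so the three read alike. All three map a SELinux denial to `ACLCHECK_NO_PRIV`, the same code as a DAC denial, so the caller cannot tell which layer refused. A short comment stating where the SELinux denial is logged (presumably inside the sepgsql hook; confirm) would help anyone debugging a refused access. The function bodies close outside this hunk.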
@@ -890,6 +969,49 @@ diff -rpNU3 base/src/backend/catalog/ind
/* done with pg_class */
heap_close(pg_class, RowExclusiveLock);
+diff -rpNU3 base/src/backend/catalog/namespace.c sepgsql-new/src/backend/catalog/namespace.c
+--- base/src/backend/catalog/namespace.c 2008-01-07 23:51:33.000000000 +0900
++++ sepgsql-new/src/backend/catalog/namespace.c 2009-05-20 17:35:01.000000000 +0900
+@@ -37,6 +37,7 @@
+ #include "commands/dbcommands.h"
+ #include "miscadmin.h"
+ #include "nodes/makefuncs.h"
++#include "security/sepgsql.h"
+ #include "storage/backendid.h"
+ #include "storage/ipc.h"
+ #include "utils/acl.h"
+@@ -2797,6 +2798,7 @@ static void
+ RemoveTempRelations(Oid tempNamespaceId)
+ {
+ ObjectAddress object;
++ int mode;
+
+ /*
+ * We want to get rid of everything in the target namespace, but not the
+@@ -2808,7 +2810,22 @@ RemoveTempRelations(Oid tempNamespaceId)
+ object.objectId = tempNamespaceId;
+ object.objectSubId = 0;
+
+- deleteWhatDependsOn(&object, false);
++ /*
++ * SELinux does not check anything while cleaning up
++ * temporary objects.
++ */
++ mode = sepgsqlSetExceptionMode(1);
++ PG_TRY();
++ {
++ deleteWhatDependsOn(&object, false);
++ }
++ PG_CATCH();
++ {
++ sepgsqlSetExceptionMode(mode);
++ PG_RE_THROW();
++ }
++ PG_END_TRY();
++ sepgsqlSetExceptionMode(mode);
+ }
+
+ /*
diff -rpNU3 base/src/backend/catalog/pg_aggregate.c sepgsql-new/src/backend/catalog/pg_aggregate.c
--- base/src/backend/catalog/pg_aggregate.c 2008-01-14 22:59:48.000000000 +0900
+++ sepgsql-new/src/backend/catalog/pg_aggregate.c 2009-03-13 18:14:33.000000000 +0900
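Review bot: `sepgsqlSetExceptionMode(1)` in RemoveTempRelations() changes the SELinux checking mode through a bare literal, and nothing at the call site says what `1` selects or what the returned `mode` holds. Going by the comment above it, `1` presumably means "skip all checks"; a named constant, or a comment like `/* 1 = bypass SELinux checks; previous mode is returned and restored below */`, should say so. The bypass covers everything `deleteWhatDependsOn()` cascades to, so the comment should also state why that is acceptable (presumably only objects in the backend's own temporary namespace are reachable; confirm). The PG_TRY/PG_CATCH pair restores the previous mode on both the error and the normal path, which is the important part.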
@@ -905,7 +1027,7 @@ diff -rpNU3 base/src/backend/catalog/pg_
* Okay to create the pg_aggregate entry.
[...4158 lines suppressed...]
-+sepgsqlExecScan(Relation rel, HeapTuple tuple, AclMode required, bool abort);
++sepgsqlExecScan(Relation rel, HeapTuple tuple, uint32 required, bool abort);
++
++extern uint32
++sepgsqlSetupTuplePerms(RangeTblEntry *rte);
+
+extern bool
+sepgsqlHeapTupleInsert(Relation rel, HeapTuple newtup, bool internal);
@@ -9471,12 +10192,6 @@ diff -rpNU3 base/src/include/security/se
+sepgsqlGetUnlabeledLabel(void);
+
+extern security_context_t
-+sepgsqlGetDatabaseLabel(void);
-+
-+extern sepgsql_sid_t
-+sepgsqlGetDatabaseSid(void);
-+
-+extern security_context_t
+sepgsqlSwitchClient(security_context_t new_client);
+
+extern bool
@@ -9486,26 +10201,44 @@ diff -rpNU3 base/src/include/security/se
+sepgsqlInitialize(void);
+
+/*
-+ * hooks.c : security hooks
++ * hooks.c : test certain permissions
+ */
+extern bool
-+sepgsqlCheckDatabaseAccess(Oid db_oid);
++sepgsqlCheckDatabaseAccess(Oid database_oid);
+
+extern bool
+sepgsqlCheckDatabaseSuperuser(void);
+
++extern bool
++sepgsqlCheckSchemaSearch(Oid nsid);
++
++extern void
++sepgsqlCheckSchemaAddRemove(Relation rel, HeapTuple newtup, HeapTuple oldtup);
++
+extern void
+sepgsqlCheckDatabaseInstallModule(const char *filename);
+
+extern void
+sepgsqlCheckDatabaseLoadModule(const char *filename);
+
-+extern bool
++extern void
+sepgsqlCheckTableLock(Oid table_oid);
+
-+extern bool
++extern void
+sepgsqlCheckTableTruncate(Relation rel);
+
++extern void
++sepgsqlCheckTableReference(Relation rel, int16 *attnums, int natts);
++
++extern void
++sepgsqlCheckSequenceGetValue(Oid seqid);
++
++extern void
++sepgsqlCheckSequenceNextValue(Oid seqid);
++
++extern void
++sepgsqlCheckSequenceSetValue(Oid seqid);
++
+extern bool
+sepgsqlCheckProcedureExecute(Oid proc_oid);
+
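Review bot: `sepgsqlCheckTableLock()` and `sepgsqlCheckTableTruncate()` change from `bool` to `void` here while `sepgsqlCheckDatabaseAccess()`, `sepgsqlCheckSchemaSearch()` and `sepgsqlCheckProcedureExecute()` stay `bool`, and the header does not say what either form does on denial. Presumably the `void` hooks raise the error themselves and the `bool` hooks leave the decision to the caller. A comment above each group, for example `/* bool hooks: return false on denial, the caller must act on it */`, adjusted to the real behaviour in hooks.c, would keep a caller from ignoring a `bool` result. The parameter names are also mixed (`database_oid`, `nsid`, `seqid`, `table_oid`, `proc_oid`) and could follow one pattern.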
@@ -9516,7 +10249,10 @@ diff -rpNU3 base/src/include/security/se
+sepgsqlCheckProcedureInstall(Relation rel, HeapTuple newtup, HeapTuple oldtup);
+
+extern void
-+sepgsqlCheckBlobDrop(HeapTuple lotup);
++sepgsqlCheckBlobCreate(Relation rel, HeapTuple lotup);
++
++extern void
++sepgsqlCheckBlobDrop(Relation rel, HeapTuple lotup);
+
+extern void
+sepgsqlCheckBlobRead(LargeObjectDesc *lobj);
@@ -9531,11 +10267,11 @@ diff -rpNU3 base/src/include/security/se
+sepgsqlCheckBlobSetattr(HeapTuple tuple);
+
+extern void
-+sepgsqlCheckBlobExport(LargeObjectDesc *lobj, int fdesc, const char *filename);
-+
++sepgsqlCheckBlobExport(LargeObjectDesc *lobj,
++ int fdesc, const char *filename);
+extern void
-+sepgsqlCheckBlobImport(LargeObjectDesc *lobj, int fdesc, const char *filename);
-+
++sepgsqlCheckBlobImport(LargeObjectDesc *lobj,
++ int fdesc, const char *filename);
+extern void
+sepgsqlCheckBlobRelabel(HeapTuple oldtup, HeapTuple newtup);
+
@@ -9545,6 +10281,7 @@ diff -rpNU3 base/src/include/security/se
+extern void
+sepgsqlCheckFileWrite(int fdesc, const char *filename);
+
++// Hint for optimizer
+extern bool
+sepgsqlAllowFunctionInlined(HeapTuple protup);
+
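Review bot: The added `// Hint for optimizer` is a C++-style comment, while this same revision converts `// avc.c`, `// checker.c` and the other markers in the `#else` branch of this header to `/* ... */`; write it as `/* Hint for optimizer */` to match. The comment should also say which return value blocks inlining, since the non-SELinux stub always yields `(true)` and a reader cannot tell from the name whether that is the permissive or the restrictive answer.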
@@ -9557,10 +10294,10 @@ diff -rpNU3 base/src/include/security/se
+extern void
+sepgsqlSetDefaultSecLabel(Relation rel, HeapTuple tuple);
+
-+extern char *
++extern security_context_t
+sepgsqlMetaSecurityLabel(void);
+
-+extern sepgsql_sid_t
++extern Oid
+sepgsqlInputGivenSecLabel(DefElem *defel);
+
+extern List *
@@ -9572,11 +10309,8 @@ diff -rpNU3 base/src/include/security/se
+extern security_context_t
+sepgsqlSecurityLabelTransOut(security_context_t label);
+
-+extern bool
-+sepgsqlCheckValidSecurityLabel(security_context_t label);
-+
+/*
-+ * perms.c : SE-PostgreSQL permission checks
++ * perms.c : SELinux permission related stuff
+ */
+extern const char *
+sepgsqlAuditName(Oid relid, HeapTuple tuple);
@@ -9601,33 +10335,41 @@ diff -rpNU3 base/src/include/security/se
+
+extern bool
+sepgsqlCheckObjectPerms(Relation rel, HeapTuple tuple,
-+ access_vector_t required, bool abort);
++ access_vector_t required, bool abort);
+
+#else /* HAVE_SELINUX */
+
-+// avc.c
++/* avc.c */
+#define sepgsqlShmemSize() (0)
+#define sepgsqlStartupWorkerProcess() (0)
-+// checker.c
++#define sepgsqlGetExceptionMode() (0)
++#define sepgsqlSetExceptionMode(a) (0)
++/* checker.c */
+#define sepgsqlCheckRTEPerms(a) do {} while(0)
++#define sepgsqlCheckCopyTable(a,b,c) do {} while(0)
+#define sepgsqlCheckSelectInto(a) do {} while(0)
++#define sepgsqlSetupTuplePerms(a) (0)
+#define sepgsqlExecScan(a,b,c,d) (true)
+#define sepgsqlHeapTupleInsert(a,b,c) (true)
+#define sepgsqlHeapTupleUpdate(a,b,c,d) (true)
+#define sepgsqlHeapTupleDelete(a,b,c) (true)
-+// core.c
++/* core.c */
+#define sepgsqlIsEnabled() (false)
+#define sepgsqlInitialize() do {} while(0)
-+// hooks.c
++/* hooks.c */
+#define sepgsqlCheckDatabaseAccess(a) (true)
+#define sepgsqlCheckDatabaseSuperuser() (true)
-+#define sepgsqlCheckDatabaseInstallModule(a) do {} while(0)
-+#define sepgsqlCheckDatabaseLoadModule(a) do {} while(0)
-+#define sepgsqlCheckTableLock(a) (true)
-+#define sepgsqlCheckTableTruncate(a) (true)
++#define sepgsqlCheckSchemaSearch(a) (true)
++#define sepgsqlCheckTableLock(a) do {} while(0)
++#define sepgsqlCheckTableTruncate(a) do {} while(0)
++#define sepgsqlCheckTableReference(a,b,c) do {} while(0)
++#define sepgsqlCheckSequenceGetValue(a) do {} while(0)
++#define sepgsqlCheckSequenceNextValue(a) do {} while(0)
++#define sepgsqlCheckSequenceSetValue(a) do {} while(0)
+#define sepgsqlCheckProcedureExecute(a) (true)
+#define sepgsqlCheckProcedureEntrypoint(a,b) do {} while(0)
-+#define sepgsqlCheckBlobDrop(a) do {} while(0)
++#define sepgsqlCheckBlobCreate(a,b) do {} while(0)
++#define sepgsqlCheckBlobDrop(a,b) do {} while(0)
+#define sepgsqlCheckBlobRead(a) do {} while(0)
+#define sepgsqlCheckBlobWrite(a) do {} while(0)
+#define sepgsqlCheckBlobGetattr(a) do {} while(0)
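Review bot: The stubs for `sepgsqlCheckDatabaseInstallModule(a)` and `sepgsqlCheckDatabaseLoadModule(a)` are dropped from the `#else /* HAVE_SELINUX */` branch, yet their prototypes are still declared in the SELinux branch of this header. If any caller outside `#ifdef HAVE_SELINUX` code still uses them (not visible here), a build without SELinux will break or fall back to an implicit declaration. Either keep `#define sepgsqlCheckDatabaseInstallModule(a) do {} while(0)` and `#define sepgsqlCheckDatabaseLoadModule(a) do {} while(0)`, or confirm the call sites moved. The same question applies to the newly declared `sepgsqlCheckSchemaAddRemove()`, which gets no stub in the visible lines.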
@@ -9638,14 +10380,13 @@ diff -rpNU3 base/src/include/security/se
+#define sepgsqlCheckFileRead(a,b) do {} while(0)
+#define sepgsqlCheckFileWrite(a,b) do {} while(0)
+#define sepgsqlAllowFunctionInlined(a) (true)
-+// label.c
++/* label.c */
+#define sepgsqlTupleDescHasSecLabel(a) (false)
+#define sepgsqlMetaSecurityLabel() (NULL)
+#define sepgsqlInputGivenSecLabel(a) (InvalidOid)
+#define sepgsqlInputGivenSecLabelRelation(a) (NIL)
+#define sepgsqlSecurityLabelTransIn(a) (a)
+#define sepgsqlSecurityLabelTransOut(a) (a)
-+#define sepgsqlCheckValidSecurityLabel(a) (false)
+
+#endif /* HAVE_SELINUX */
+
sepostgresql-test-8.3.patch:
Index: sepostgresql-test-8.3.patch
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql-test-8.3.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- sepostgresql-test-8.3.patch 27 Mar 2009 03:54:13 -0000 1.1
+++ sepostgresql-test-8.3.patch 9 Jun 2009 07:29:38 -0000 1.2
@@ -20,7 +20,7 @@ diff -rpNU3 base/src/test/regress/expect
-- another sanity check: every system catalog that has OIDs should have
diff -rpNU3 base/src/test/sepgsql/Makefile sepgsql-new/src/test/sepgsql/Makefile
--- base/src/test/sepgsql/Makefile 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/Makefile 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/Makefile 2009-03-03 18:21:14.000000000 +0900
@@ -0,0 +1,65 @@
+# ----------------------------------------------------
+# Makefile for SE-PostgreSQL testcases
@@ -201,7 +201,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+
diff -rpNU3 base/src/test/sepgsql/expected/copy_stmt.out sepgsql-new/src/test/sepgsql/expected/copy_stmt.out
--- base/src/test/sepgsql/expected/copy_stmt.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/copy_stmt.out 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/expected/copy_stmt.out 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,90 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+SELECT sepgsql_getcon();
@@ -568,7 +568,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+ERROR: SELinux: denied { select } scontext=unconfined_u:unconfined_r:sepgsql_test_t:s0-s0:c0 tcontext=unconfined_u:object_r:sepgsql_secret_table_t:s0 tclass=db_column name=t1.c
diff -rpNU3 base/src/test/sepgsql/expected/large_object.out sepgsql-new/src/test/sepgsql/expected/large_object.out
--- base/src/test/sepgsql/expected/large_object.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/large_object.out 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/expected/large_object.out 2009-03-03 14:31:40.000000000 +0900
@@ -0,0 +1,293 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+SELECT sepgsql_getcon();
@@ -865,7 +865,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+
diff -rpNU3 base/src/test/sepgsql/expected/row_level.out sepgsql-new/src/test/sepgsql/expected/row_level.out
--- base/src/test/sepgsql/expected/row_level.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/row_level.out 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/expected/row_level.out 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,131 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+SELECT sepgsql_getcon();
@@ -1000,7 +1000,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+DELETE 1
diff -rpNU3 base/src/test/sepgsql/expected/security_label.out sepgsql-new/src/test/sepgsql/expected/security_label.out
--- base/src/test/sepgsql/expected/security_label.out 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/expected/security_label.out 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/expected/security_label.out 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,127 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+SELECT sepgsql_getcon();
@@ -1131,7 +1131,7 @@ diff -rpNU3 base/src/test/sepgsql/expect
+system_u:object_r:sepgsql_table_t:s0:c4 13 nnn
diff -rpNU3 base/src/test/sepgsql/launch_psql.c sepgsql-new/src/test/sepgsql/launch_psql.c
--- base/src/test/sepgsql/launch_psql.c 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/launch_psql.c 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/launch_psql.c 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,87 @@
+/*
+ * launch_psql.c
@@ -1222,7 +1222,7 @@ diff -rpNU3 base/src/test/sepgsql/launch
+}
diff -rpNU3 base/src/test/sepgsql/sql/basic.sql sepgsql-new/src/test/sepgsql/sql/basic.sql
--- base/src/test/sepgsql/sql/basic.sql 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/basic.sql 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/basic.sql 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,59 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+
@@ -1285,7 +1285,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/ba
+SELECT t3 FROM t3;
diff -rpNU3 base/src/test/sepgsql/sql/copy_stmt.sql sepgsql-new/src/test/sepgsql/sql/copy_stmt.sql
--- base/src/test/sepgsql/sql/copy_stmt.sql 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/copy_stmt.sql 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/copy_stmt.sql 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,58 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+
@@ -1347,7 +1347,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/co
+COPY t1 TO stdout;
diff -rpNU3 base/src/test/sepgsql/sql/enhanced_ddl_stmt.sql sepgsql-new/src/test/sepgsql/sql/enhanced_ddl_stmt.sql
--- base/src/test/sepgsql/sql/enhanced_ddl_stmt.sql 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/enhanced_ddl_stmt.sql 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/enhanced_ddl_stmt.sql 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,89 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+
@@ -1440,7 +1440,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/en
+SELECT proname, security_context FROM pg_proc WHERE oid = 'f2'::regproc;
diff -rpNU3 base/src/test/sepgsql/sql/join_query.sql sepgsql-new/src/test/sepgsql/sql/join_query.sql
--- base/src/test/sepgsql/sql/join_query.sql 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/join_query.sql 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/join_query.sql 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,50 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+
@@ -1494,7 +1494,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/jo
+SELECT j FROM (t1 JOIN t2 ON a = x) AS j; -- to be denied
diff -rpNU3 base/src/test/sepgsql/sql/large_object.sql sepgsql-new/src/test/sepgsql/sql/large_object.sql
--- base/src/test/sepgsql/sql/large_object.sql 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/large_object.sql 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/large_object.sql 2009-03-03 14:31:40.000000000 +0900
@@ -0,0 +1,103 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+
@@ -1601,7 +1601,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/la
+SELECT lo_unlink(loid) FROM lolabel;
diff -rpNU3 base/src/test/sepgsql/sql/row_level.sql sepgsql-new/src/test/sepgsql/sql/row_level.sql
--- base/src/test/sepgsql/sql/row_level.sql 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/row_level.sql 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/row_level.sql 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,61 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+
@@ -1666,7 +1666,7 @@ diff -rpNU3 base/src/test/sepgsql/sql/ro
+DELETE FROM t1 WHERE a = 7;
diff -rpNU3 base/src/test/sepgsql/sql/security_label.sql sepgsql-new/src/test/sepgsql/sql/security_label.sql
--- base/src/test/sepgsql/sql/security_label.sql 1970-01-01 09:00:00.000000000 +0900
-+++ sepgsql-new/src/test/sepgsql/sql/security_label.sql 2009-03-15 17:38:39.000000000 +0900
++++ sepgsql-new/src/test/sepgsql/sql/security_label.sql 2009-03-02 00:24:34.000000000 +0900
@@ -0,0 +1,60 @@
+-- at SECURITY_CONTEXT=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c15
+
Index: sepostgresql.init
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.init,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -p -r1.33 -r1.34
--- sepostgresql.init 17 Apr 2009 00:32:23 -0000 1.33
+++ sepostgresql.init 9 Jun 2009 07:29:38 -0000 1.34
@@ -9,7 +9,7 @@
PGVERSION="8.3.7"
PGMAJORVERSION=`echo "$PGVERSION" | sed 's/^\([0-9]*\.[0-9a-z]*\).*$/\1/'`
-SEPGVERSION="1771"
+SEPGVERSION="1990"
# source function library
. /etc/rc.d/init.d/functions
Index: sepostgresql.spec
===================================================================
RCS file: /cvs/pkgs/rpms/sepostgresql/devel/sepostgresql.spec,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -p -r1.36 -r1.37
--- sepostgresql.spec 17 Apr 2009 00:32:23 -0000 1.36
+++ sepostgresql.spec 9 Jun 2009 07:29:38 -0000 1.37
@@ -12,7 +12,7 @@
Summary: Security Enhanced PostgreSQL
Name: sepostgresql
Version: 8.3.7
-Release: 1772%{?dist}
+Release: 1990%{?dist}
License: BSD
Group: Applications/Databases
Url: http://code.google.com/p/sepgsql/
@@ -26,7 +26,7 @@ Patch1: sepostgresql-utils-8.3.patch
Patch2: sepostgresql-test-8.3.patch
Patch3: sepostgresql-fedora-prefix.patch
BuildRequires: perl glibc-devel bison flex readline-devel zlib-devel >= 1.0.4
-BuildRequires: checkpolicy libselinux-devel >= 2.0.43
+BuildRequires: checkpolicy libselinux-devel >= 2.0.80
BuildRequires: selinux-policy >= 3.4.2
%if %{ssl}
BuildRequires: openssl-devel
@@ -199,6 +199,9 @@ fi
%attr(700,sepgsql,sepgsql) %dir %{_localstatedir}/lib/sepgsql/backups
%changelog
+* Tue Jun 9 2009 KaiGai Kohei <kaigai at kaigai.gr.jp> - 8.3.7-1990
+- backport features from v8.4devel, it also needs libselinux-2.0.80
+
* Fri Apr 17 2009 KaiGai Kohei <kaigai at kaigai.gr.jp> - 8.3.7-1772
- bugfix: /etc/init.d/sepostgresql initdb didn't work correctly