Hi,

a diff that handles the gentoo init scripts and the location of database files.

bye,
peter

-- 
petre rodan
<kaiowas@gentoo.org>
Developer,
Hardened Gentoo Linux


--- /root/public_html/policy/nsa/file_contexts/program/postgresql.fc	2004-10-21 12:56:53.000000000 +0300
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/postgresql/postgresql.fc	2004-10-28 11:48:44.000000000 +0300
@@ -12,7 +12,7 @@


 /usr/bin/pg_id		--	system_u:object_r:postgresql_exec_t

 /usr/bin/pg_restore	--	system_u:object_r:postgresql_exec_t

 
-/var/lib/postgres(/.*)?		system_u:object_r:postgresql_db_t
+/var/lib/postgres(ql)?(/.*)? system_u:object_r:postgresql_db_t


 /var/lib/pgsql(/.*)?		system_u:object_r:postgresql_db_t

 /var/run/postgresql(/.*)?	system_u:object_r:postgresql_var_run_t

 /etc/postgresql(/.*)?		system_u:object_r:postgresql_etc_t

--- /root/public_html/policy/nsa/domains/program/unused/postgresql.te	2004-10-12 12:32:18.000000000 +0300
+++ /root/cvs/cvs.gentoo.org/gentoo-projects/selinux/postgresql/postgresql.te	2004-10-28 11:48:12.000000000 +0300
@@ -108,3 +108,11 @@
 dontaudit postgresql_t selinux_config_t:dir { search };
 allow postgresql_t mail_spool_t:dir { search };
 rw_dir_create_file(postgresql_t, var_lock_t)
+
+ifdef(`distro_gentoo', `
+# "su - postgres ..." is called from initrc_t
+allow initrc_su_t postgresql_db_t:dir { search };
+allow postgresql_t initrc_su_t:process { sigchld };
+dontaudit initrc_su_t sysadm_devpts_t:chr_file rw_file_perms;
+')
+




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.



application/pgp-signature attachment: OpenPGP digital signature