diff --git a/policy-F15.patch b/policy-F15.patch
index 83ac274..5b78df2 100644
--- a/policy-F15.patch
+++ b/policy-F15.patch
@@ -31197,7 +31197,7 @@ index 7257526..7d73656 100644
 manage_files_pattern(postfix_policyd_t, postfix_policyd_var_run_t, postfix_policyd_var_run_t)
 files_pid_filetrans(postfix_policyd_t, postfix_policyd_var_run_t, file)
 diff --git a/policy/modules/services/postgresql.if b/policy/modules/services/postgresql.if
-index 09aeffa..12d4432 100644
+index 09aeffa..dd70b14 100644
 --- a/policy/modules/services/postgresql.if
 +++ b/policy/modules/services/postgresql.if
 @@ -10,7 +10,7 @@
@@ -31289,38 +31289,23 @@ index 09aeffa..12d4432 100644 ') ######################################## -@@ -459,6 +458,8 @@ interface(`postgresql_unpriv_client',` - type_transition $1 sepgsql_trusted_proc_exec_t:process sepgsql_trusted_proc_t; - allow $1 sepgsql_trusted_proc_t:process transition; - -+<<<<<<< .merge_file_hr5C3y -+======= - tunable_policy(`sepgsql_enable_users_ddl',` - allow $1 unpriv_sepgsql_schema_t:db_schema { create drop setattr }; - allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr }; -@@ -471,6 +472,7 @@ interface(`postgresql_unpriv_client',` +@@ -468,6 +467,7 @@ interface(`postgresql_unpriv_client',` + allow $1 unpriv_sepgsql_view_t:db_view { create drop setattr }; + allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr }; + ') ++ allow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name }; type_transition $1 sepgsql_database_type:db_schema unpriv_sepgsql_schema_t; -+>>>>>>> .merge_file_bHSs2v - allow $1 unpriv_sepgsql_table_t:db_table { getattr use select update insert delete lock }; - allow $1 unpriv_sepgsql_table_t:db_column { getattr use select update insert }; - allow $1 unpriv_sepgsql_table_t:db_tuple { use select update insert delete }; -@@ -492,6 +494,13 @@ interface(`postgresql_unpriv_client',` +@@ -492,6 +492,7 @@ interface(`postgresql_unpriv_client',` allow $1 unpriv_sepgsql_blob_t:db_blob { create drop getattr setattr read write import export }; type_transition $1 sepgsql_database_type:db_blob unpriv_sepgsql_blob_t; + -+ tunable_policy(`sepgsql_enable_users_ddl',` -+ allow $1 unpriv_sepgsql_table_t:db_table { create drop setattr }; -+ allow $1 unpriv_sepgsql_table_t:db_column { create drop setattr }; -+ allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete }; -+ allow $1 unpriv_sepgsql_proc_exec_t:db_procedure { create drop setattr }; -+ ') ') ######################################## -@@ -531,13 +540,10 @@ interface(`postgresql_unconfined',` +@@ -531,13 +532,10 @@ 
interface(`postgresql_unconfined',` # interface(`postgresql_admin',` gen_require(` @@ -31338,7 +31323,7 @@ index 09aeffa..12d4432 100644 ') typeattribute $1 sepgsql_admin_type; -@@ -550,14 +556,19 @@ interface(`postgresql_admin',` +@@ -550,14 +548,19 @@ interface(`postgresql_admin',` role_transition $2 postgresql_initrc_exec_t system_r; allow $2 system_r;
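Review bot: The added rule `allow $1 unpriv_sepgsql_schema_t:db_schema { getattr add_name remove_name };` in the postgresql_unpriv_client hunk sits after the closing `')` of the `sepgsql_enable_users_ddl` block, so unprivileged clients get `add_name` and `remove_name` on the schema whatever the boolean is set to. If that is intended, presumably because creating and dropping the objects themselves is still covered by the `create drop setattr` rules inside the tunable, a comment above the rule would record it, for example `# add_name/remove_name stay unconditional; object create/drop is gated by sepgsql_enable_users_ddl`. The dropped duplicate tunable block also carried `allow $1 unpriv_sepgsql_sysobj_t:db_tuple { update insert delete };`, and no equivalent is visible in the retained lines, so it is worth confirming that the rule still exists elsewhere in the interface. The interface body starts and ends outside this hunk.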