appdir := $(contextpath)
user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
user_default_contexts_names := $(addprefix $(contextpath)/users/,$(subst _default_contexts,,$(notdir $(user_default_contexts))))
-appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names)
+appfiles := $(addprefix $(appdir)/,default_contexts default_type initrc_context failsafe_context userhelper_context removable_context dbus_contexts sepgsql_contexts x_contexts customizable_types securetty_types) $(contextpath)/files/media $(user_default_contexts_names)
net_contexts := $(builddir)net_contexts
all_layers := $(shell find $(wildcard $(moddir)/*) -maxdepth 0 -type d)
--- /dev/null
+#
+# Initial security label for SE-PostgreSQL (MCS)
+#
+
+# <databases>
+db_database * system_u:object_r:sepgsql_db_t:s0
+
+# <schemas>
+db_schema *.* system_u:object_r:sepgsql_schema_t:s0
+
+# <tables>
+db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
+db_table *.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <column>
+db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t:s0
+db_column *.*.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <sequences>
+db_sequence *.*.* system_u:object_r:sepgsql_seq_t:s0
+
+# <views>
+db_view *.*.* system_u:object_r:sepgsql_view_t:s0
+
+# <procedures>
+db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t:s0
+
+# <tuples>
+db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
+db_tuple *.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <blobs>
+db_blobs *.* system_u:object_r:sepgsql_blob_t:s0
+
+# <language>
+db_language *.sql system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.* system_u:object_r:sepgsql_lang_t:s0
--- /dev/null
+#
+# Initial security label for SE-PostgreSQL (MLS)
+#
+
+# <databases>
+db_database * system_u:object_r:sepgsql_db_t:s0
+
+# <schemas>
+db_schema *.* system_u:object_r:sepgsql_schema_t:s0
+
+# <tables>
+db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
+db_table *.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <column>
+db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t:s0
+db_column *.*.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <sequences>
+db_sequence *.*.* system_u:object_r:sepgsql_seq_t:s0
+
+# <views>
+db_view *.*.* system_u:object_r:sepgsql_view_t:s0
+
+# <procedures>
+db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t:s0
+
+# <tuples>
+db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t:s0
+db_tuple *.*.* system_u:object_r:sepgsql_table_t:s0
+
+# <blobs>
+db_blobs *.* system_u:object_r:sepgsql_blob_t:s0
+
+# <language>
+db_language *.sql system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t:s0
+db_language *.* system_u:object_r:sepgsql_lang_t:s0
--- /dev/null
+#
+# Initial security label for SE-PostgreSQL (none-MLS)
+#
+
+# <databases>
+db_database * system_u:object_r:sepgsql_db_t
+
+# <schemas>
+db_schema *.* system_u:object_r:sepgsql_schema_t
+
+# <tables>
+db_table *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t
+db_table *.*.* system_u:object_r:sepgsql_table_t
+
+# <column>
+db_column *.pg_catalog.*.* system_u:object_r:sepgsql_sysobj_t
+db_column *.*.*.* system_u:object_r:sepgsql_table_t
+
+# <sequences>
+db_sequence *.*.* system_u:object_r:sepgsql_seq_t
+
+# <views>
+db_view *.*.* system_u:object_r:sepgsql_view_t
+
+# <procedures>
+db_procedure *.*.* system_u:object_r:sepgsql_proc_exec_t
+
+# <tuples>
+db_tuple *.pg_catalog.* system_u:object_r:sepgsql_sysobj_t
+db_tuple *.*.* system_u:object_r:sepgsql_table_t
+
+# <blobs>
+db_blobs *.* system_u:object_r:sepgsql_blob_t
+
+# <language>
+db_language *.sql system_u:object_r:sepgsql_safe_lang_t
+db_language *.plpgsql system_u:object_r:sepgsql_safe_lang_t
+db_language *.pltcl system_u:object_r:sepgsql_safe_lang_t
+db_language *.plperl system_u:object_r:sepgsql_safe_lang_t
+db_language *.* system_u:object_r:sepgsql_lang_t
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/initrc_context
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/removable_context
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/userhelper_context
+%config(noreplace) %{_sysconfdir}/selinux/*/contexts/sepgsql_contexts
%config(noreplace) %{_sysconfdir}/selinux/*/contexts/x_contexts
%dir %{_sysconfdir}/selinux/*/contexts/files
#%ghost %config %{_sysconfdir}/selinux/*/contexts/files/file_contexts
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/initrc_context
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/removable_context
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/userhelper_context
+%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/sepgsql_contexts
%config(noreplace) %{_sysconfdir}/selinux/%{polname1}/contexts/x_contexts
%dir %{_sysconfdir}/selinux/%{polname1}/contexts/files
#%ghost %config %{_sysconfdir}/selinux/%{polname1}/contexts/files/file_contexts
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/initrc_context
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/removable_context
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/userhelper_context
+%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/sepgsql_contexts
%config(noreplace) %{_sysconfdir}/selinux/%{polname2}/contexts/x_contexts
%dir %{_sysconfdir}/selinux/%{polname2}/contexts/files
#%ghost %config %{_sysconfdir}/selinux/%{polname2}/contexts/files/file_contexts
projects / people / stevee / selinux-policy.git / commitdiff
