+- Tunable connection to postgresql for users from KaiGai Kohei.
- Memprotect support patch from Stephen Smalley.
- Add logging_send_audit_msgs() interface and deprecate
send_audit_msgs_pattern().
')
ifdef(`TODO',`
-ifdef(`targeted_policy', `', `
-bool allow_user_postgresql_connect false;
-
-if (allow_user_postgresql_connect) {
-# allow any user domain to connect to the database server
-allow userdomain postgresql_t:unix_stream_socket connectto;
-allow userdomain postgresql_var_run_t:sock_file write;
-allow userdomain postgresql_tmp_t:sock_file write;
-}
-')
ifdef(`distro_debian', `
init_exec_script_files(postgresql_t)
# gross hack
pcscd_stream_connect($1_t)
')
+ optional_policy(`
+ tunable_policy(`allow_user_postgresql_connect',`
+ postgresql_stream_connect($1_t)
+ ')
+ ')
+
optional_policy(`
quota_dontaudit_getattr_db($1_t)
')
-policy_module(userdomain,2.2.2)
+policy_module(userdomain,2.2.3)
gen_require(`
role sysadm_r, staff_r, user_r;
## </desc>
gen_tunable(allow_user_mysql_connect,false)
+## <desc>
+## <p>
+## Allow users to connect to PostgreSQL
+## </p>
+## </desc>
+gen_tunable(allow_user_postgresql_connect,false)
+
## <desc>
## <p>
## Allow regular users direct mouse access
projects / people / stevee / selinux-policy.git / commitdiff
