Allow sysadm to manage postgresql

Package-Manager: portage-2.1.9.25/cvs/Linux x86_64

4 files changed, 69 insertions, 2 deletions

diff --git a/sec-policy/selinux-postgresql/ChangeLog b/sec-policy/selinux-postgresql/ChangeLog
index 3cc8bef6bbb8..f1ca1a95a26d 100644
--- a/sec-policy/selinux-postgresql/ChangeLog
+++ b/sec-policy/selinux-postgresql/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sec-policy/selinux-postgresql
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postgresql/ChangeLog,v 1.28 2011/02/05 12:07:08 blueness Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postgresql/ChangeLog,v 1.29 2011/03/07 02:53:17 blueness Exp $
+
+*selinux-postgresql-2.20101213-r1 (07 Mar 2011)
+
+  07 Mar 2011; Anthony G. Basile <blueness@gentoo.org>
+  +files/fix-services-postgresql-r1.patch,
+  +selinux-postgresql-2.20101213-r1.ebuild:
+  Allow sysadm to manage postgresql
 
 *selinux-postgresql-2.20101213 (05 Feb 2011)
 
diff --git a/sec-policy/selinux-postgresql/files/fix-services-postgresql-r1.patch b/sec-policy/selinux-postgresql/files/fix-services-postgresql-r1.patch
new file mode 100644
index 000000000000..d0ef3b1238bd
--- /dev/null
+++ b/sec-policy/selinux-postgresql/files/fix-services-postgresql-r1.patch
@@ -0,0 +1,45 @@
+--- services/postgresql.te	2010-12-13 15:11:02.000000000 +0100
++++ services/postgresql.te	2011-02-13 14:36:56.000905046 +0100
+@@ -155,7 +155,7 @@
+ allow postgresql_t self:tcp_socket create_stream_socket_perms;
+ allow postgresql_t self:udp_socket create_stream_socket_perms;
+ allow postgresql_t self:unix_dgram_socket create_socket_perms;
+-allow postgresql_t self:unix_stream_socket create_stream_socket_perms;
++allow postgresql_t self:unix_stream_socket { connectto create_stream_socket_perms };
+ allow postgresql_t self:netlink_selinux_socket create_socket_perms;
+ 
+ allow postgresql_t sepgsql_database_type:db_database *;
+@@ -269,7 +269,8 @@
+ 
+ userdom_dontaudit_use_unpriv_user_fds(postgresql_t)
+ userdom_dontaudit_search_user_home_dirs(postgresql_t)
+-userdom_dontaudit_use_user_terminals(postgresql_t)
++userdom_use_user_terminals(postgresql_t)
++#userdom_dontaudit_use_user_terminals(postgresql_t)
+ 
+ mta_getattr_spool(postgresql_t)
+ 
+--- services/postgresql.fc	2010-08-03 15:11:07.000000000 +0200
++++ services/postgresql.fc	2011-02-13 13:40:48.798905046 +0100
+@@ -5,6 +5,10 @@
+ /etc/rc\.d/init\.d/(se)?postgresql --	gen_context(system_u:object_r:postgresql_initrc_exec_t,s0)
+ /etc/sysconfig/pgsql(/.*)? 		gen_context(system_u:object_r:postgresql_etc_t,s0)
+ 
++ifdef(`distro_gentoo', `
++/etc/postgresql-.*(/.*)?		gen_context(system_u:object_r:postgresql_etc_t,s0)
++')
++
+ #
+ # /usr
+ #
+@@ -23,6 +27,10 @@
+ /usr/share/jonas/pgsql(/.*)?		gen_context(system_u:object_r:postgresql_db_t,s0)
+ ')
+ 
++ifdef(`distro_gentoo', `
++/usr/lib(64)?/postgresql-.*/bin/.*	--	gen_context(system_u:object_r:postgresql_exec_t,s0)
++')
++
+ #
+ # /var
+ #
diff --git a/sec-policy/selinux-postgresql/selinux-postgresql-2.20101213-r1.ebuild b/sec-policy/selinux-postgresql/selinux-postgresql-2.20101213-r1.ebuild
new file mode 100644
index 000000000000..2b80bba822ca
--- /dev/null
+++ b/sec-policy/selinux-postgresql/selinux-postgresql-2.20101213-r1.ebuild
@@ -0,0 +1,14 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-postgresql/selinux-postgresql-2.20101213-r1.ebuild,v 1.1 2011/03/07 02:53:17 blueness Exp $
+
+MODS="postgresql"
+IUSE=""
+
+inherit selinux-policy-2
+
+DESCRIPTION="SELinux policy for PostgreSQL"
+
+KEYWORDS="~amd64 ~x86"
+
+POLICY_PATCH="${FILESDIR}/fix-services-postgresql-r1.patch"
diff --git a/sec-policy/selinux-sudo/Manifest b/sec-policy/selinux-sudo/Manifest
index 52b3a7fb09e5..55cbe2e6eeb6 100644
--- a/sec-policy/selinux-sudo/Manifest
+++ b/sec-policy/selinux-sudo/Manifest
@@ -6,7 +6,8 @@ DIST refpolicy-20080525.tar.bz2 336603 RMD160 c4e846a5506164f8c89994df4bbd05b396
 EBUILD selinux-sudo-2.20090730.ebuild 348 RMD160 a8f23bc2e7e67f8c11b508ad679ca015465a3eaa SHA1 fd8c2957fa249415c3c04c69f8defbaf371d049c SHA256 ec2be6bcc7227bc02dd3491a44edbb9f0d602cfe3c9de23aa4c810e7d2f31719
 EBUILD selinux-sudo-2.20091215.ebuild 348 RMD160 0a0ad9495e996bdb40c41573c44e430322b1d0e0 SHA1 e9e58b52f0e2ee1dc79d6d3f7b1c6a736f4e6c25 SHA256 6aabf3935ed97c8a8cfd73a256a326b29a93be294d5b5221a5e9537fb3f5d5e0
 EBUILD selinux-sudo-2.20101213-r1.ebuild 394 RMD160 93e2ddd8303525fc377a3948c2fe89c9b0a40b45 SHA1 7c6813a35ac9f7249f558bd4e3f97380492b689b SHA256 a0773795deb81a369f91b9116039d7e2c94c73a934b460a801ed46639f2fc6d0
+EBUILD selinux-sudo-2.20101213-r2.ebuild 409 RMD160 a7c6a66c1d5c129ee110e5b8cb164470b41b7a55 SHA1 28f7ca91b906e877a11139e30ccf9357b2858750 SHA256 0a0dbaf336a1c9b976efe9f9f3bf9d8028168f98474f874f205c707d78e12ddc
 EBUILD selinux-sudo-2.20101213.ebuild 348 RMD160 c444920dd5c5c6837d5b949a3b3260d171078a6f SHA1 3e4286ff8148c5b11d5c75ecc9c3f2df422e3ff4 SHA256 38863918a8bfbcd231da353ecca3210c51348438868e22ec98d6357a55f4a06e
 EBUILD selinux-sudo-20080525.ebuild 344 RMD160 fbc474280c2ecd8a2fb7d0b17f4a4c285a1e2320 SHA1 754b44209824877b237fcc0161b396841dd5004c SHA256 43a57573aa15fb1f2688d584938d7d3e127769daff7e5f27468f1616f62145f5
-MISC ChangeLog 2931 RMD160 3c08c13ad699efeded96c45deadf96769449f7b0 SHA1 96ae307cfb1ae2d1d7fcbc867b2367311b6837e9 SHA256 b08d5796fe89dbf85fb7f38279896c8578704415bf77bb2e58323c757dc7e452
+MISC ChangeLog 3141 RMD160 63c2c0e961e94dfe499ce3a878cc9ed9871efa24 SHA1 0fc6ba28d41e7df049b5af655aa131799b8676ff SHA256 b1ee2f6157c69133ea1c28dd6c4056bced05261e49d8593b82e3b7af197f692e
 MISC metadata.xml 228 RMD160 4429395b43d0375e200e4231c8236db3ff59088e SHA1 bc256ff80e44f750cb14806f04b3aeb2dc06aae2 SHA256 6bf61981a775fd7e11011159f387615cdb96e3e8017cb802335c7b339d23ced9