MonetDB: Jul2017-SP2-selinux-fix - Fix for bug 6460.

Sun, 05 Nov 2017 03:55:41 -0800 

Changeset: a86d789c71f7 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=a86d789c71f7
Modified Files:
        MonetDB.spec
        buildtools/selinux/monetdb.te
Branch: Jul2017-SP2-selinux-fix
Log Message:

Fix for bug 6460.
This is a small patch on top of the Jul2017-SP2 release specifically
for Fedora 27 to allow mserver5 running under monetdbd running under
the control of systemd to perform mmap calls when SELinux is enabled.


diffs (39 lines):

diff --git a/MonetDB.spec b/MonetDB.spec
--- a/MonetDB.spec
+++ b/MonetDB.spec
@@ -890,7 +890,7 @@ Group: Applications/Databases
 %if "%{_selinux_policy_version}" != ""
 Requires:       selinux-policy >= %{_selinux_policy_version}
 %endif
-Requires:       %{name}-SQL-server5 = %{version}-%{release}
+Requires:       %{name}-SQL-server5 = %{version}
 Requires(post):   /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles, 
MonetDB-SQL-server5, MonetDB5-server
 Requires(postun): /usr/sbin/semodule, /sbin/restorecon, /sbin/fixfiles, 
MonetDB-SQL-server5, MonetDB5-server
 BuildArch: noarch
@@ -1041,6 +1041,9 @@ done
 %postun -p /sbin/ldconfig
 
 %changelog
+* Sun Nov  5 2017 Sjoerd Mullender <sjo...@acm.org> - 11.27.9-20171105
+- BZ#6460 - selinux doen't allow mmap
+
 * Mon Oct 23 2017 Sjoerd Mullender <sjo...@acm.org> - 11.27.9-20171023
 - Rebuilt.
 - BZ#6207: identifier ambiguous when grouping and selecting the same
diff --git a/buildtools/selinux/monetdb.te b/buildtools/selinux/monetdb.te
--- a/buildtools/selinux/monetdb.te
+++ b/buildtools/selinux/monetdb.te
@@ -1,4 +1,4 @@
-policy_module(monetdb, 0.1)
+policy_module(monetdb, 0.2)
 # The above line declares that this file is a SELinux policy file. Its
 # name is monetdb, so the file should be saved as monetdb.te
 
@@ -39,6 +39,7 @@ manage_files_pattern(mserver5_t, mserver
 manage_dirs_pattern(mserver5_t, mserver5_db_t, mserver5_db_t)
 manage_files_pattern(monetdbd_t, mserver5_db_t, mserver5_db_t)
 manage_dirs_pattern(monetdbd_t, mserver5_db_t, mserver5_db_t)
+allow mserver5_t mserver5_db_t:file { map };
 
 # the context used for the configuration files
 type monetdbd_etc_t;
_______________________________________________
checkin-list mailing list
checkin-list@monetdb.org
https://www.monetdb.org/mailman/listinfo/checkin-list

Reply via email to