On Thu, Apr 30, 2015 at 4:13 AM, Denis Kirjanov wrote:
> Oh, I wasn't aware of that.
> Any hints where to look at?
Unfortunately, I don't really understand in detail how to write
selinux policies, so no.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
nesday, April 29, 2015 9:01:36 PM
Subject: Re: [HACKERS] [RFC] sepgsql: prohibit users to relabel objects
On Wed, Apr 29, 2015 at 9:15 AM, Denis Kirjanov wrote:
> Enforce access control on security labels defined by admin
> and prohibit users to relabel the objects
Really? Why? I wo
>
> Really? Why? I would think it's the policy's job to restrict relabel
> operations.
>
I agree. This seems like an unnecessary change.
-Adam
--
Adam Brightwell - adam.brightw...@crunchydatasolutions.com
Database Engineer - www.crunchydatasolutions.com
On Wed, Apr 29, 2015 at 9:15 AM, Denis Kirjanov wrote:
> Enforce access control on security labels defined by admin
> and prohibit users to relabel the objects
Really? Why? I would think it's the policy's job to restrict relabel
operations.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb
Enforce access control on security labels defined by admin
and prohibit users to relabel the objects
Signed-off-by: Denis Kirjanov
---
contrib/sepgsql/label.c |5 +
1 file changed, 5 insertions(+)
diff --git a/contrib/sepgsql/label.c b/contrib/sepgsql/label.c
index ef7661c..470b90e 1006
