diff options
| author | Robert Haas | 2013-03-28 19:38:35 +0000 |
|---|---|---|
| committer | Robert Haas | 2013-03-28 19:41:38 +0000 |
| commit | 0f05840bf4c256b838eca8f1be9d7b5be82ccd0e (patch) | |
| tree | 33f506bd41aad831419e63885a63a2200706344a /contrib/sepgsql/relation.c | |
| parent | ae7f1c3ef2eef9584e3c9a42c395eb0c0e59a5ed (diff) | |
Allow sepgsql labels to depend on object name.
The main change here is to call security_compute_create_name_raw()
rather than security_compute_create_raw(). This ups the minimum
requirement for libselinux from 2.0.99 to 2.1.10, but it looks
like most distributions will have picked that up before 9.3 is out.
KaiGai Kohei
Diffstat (limited to 'contrib/sepgsql/relation.c')
| -rw-r--r-- | contrib/sepgsql/relation.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/contrib/sepgsql/relation.c b/contrib/sepgsql/relation.c index 8bcaa41d312..dd4593dd3ac 100644 --- a/contrib/sepgsql/relation.c +++ b/contrib/sepgsql/relation.c @@ -88,7 +88,8 @@ sepgsql_attribute_post_create(Oid relOid, AttrNumber attnum) scontext = sepgsql_get_client_label(); tcontext = sepgsql_get_label(RelationRelationId, relOid, 0); ncontext = sepgsql_compute_create(scontext, tcontext, - SEPG_CLASS_DB_COLUMN); + SEPG_CLASS_DB_COLUMN, + NameStr(attForm->attname)); /* * check db_column:{create} permission @@ -309,7 +310,8 @@ sepgsql_relation_post_create(Oid relOid) scontext = sepgsql_get_client_label(); tcontext = sepgsql_get_label(NamespaceRelationId, classForm->relnamespace, 0); - rcontext = sepgsql_compute_create(scontext, tcontext, tclass); + rcontext = sepgsql_compute_create(scontext, tcontext, tclass, + NameStr(classForm->relname)); /* * check db_xxx:{create} permission @@ -363,7 +365,8 @@ sepgsql_relation_post_create(Oid relOid) ccontext = sepgsql_compute_create(scontext, rcontext, - SEPG_CLASS_DB_COLUMN); + SEPG_CLASS_DB_COLUMN, + NameStr(attForm->attname)); /* * check db_column:{create} permission |