| author | Robert Haas <rhaas@postgresql.org> | 2011-12-21 09:12:43 -0500 |
|---|---|---|
| committer | Robert Haas <rhaas@postgresql.org> | 2011-12-21 09:14:02 -0500 |
| commit | e1042a348421bc16f4d4307228a9951e38a984f1 (patch) | |
| tree | 4eacfff9c369f9c60d642c99fe9381785f10930f /doc/src | |
| parent | 7f0e4bb82e408090c0366c63a9ff4c0f7c4b0a8e (diff) | |
sepgsql: Check CREATE permissions for some object types.
KaiGai Kohei, reviewed by Dimitri Fontaine and me.
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/sepgsql.sgml | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml index f2c92667092..e45c258ac89 100644 --- a/doc/src/sgml/sepgsql.sgml +++ b/doc/src/sgml/sepgsql.sgml @@ -421,6 +421,33 @@ UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100; <sect3> <title>DDL Permissions</title> <para> + <productname>SELinux</> defines several permissions to control common + operations for each object types; such as creation, alter, drop and + relabel of security label. In addition, several object types has its + special permissions to control its characteristic operations; such as + addition or deletion of name entries underlying a particular schema. + </para> + <para> + When <literal>CREATE</> command is executed, <literal>create</> will + be checked on the object being constructed for each object types. + A default security label shall be assigned on the new database object, + and the <literal>create</> permission needs to be allowed on the pair + of security label of the client and the new object itself. + We consider <xref linkend="sql-createtable"> construct a table and + underlying columns at the same time, so it requires users permission + to create both of table and columns. + </para> + <para> + A few additional checks are applied depending on object types. + On <xref linkend="sql-createdatabase">, <literal>getattr</> permission + shall be checked on the source or template database of the new database, + not only <literal>create</> on the new database. + On creation of objects underlying a particula schema (tables, views, + sequences and procedures), <literal>add_name</> shall be also chechked + on the schema, not only <literal>create</> on the new object itself. + </para> + + <para> When <xref linkend="sql-security-label"> is executed, <literal>setattr</> and <literal>relabelfrom</> will be checked on the object being relabeled with its old security label, then <literal>relabelto</> with the supplied 
@@ -509,7 +536,8 @@ postgres=# SELECT cid, cname, show_credit(cid) FROM customer; <term>Data Definition Language (DDL) Permissions</term> <listitem> <para> - Due to implementation restrictions, DDL permissions are not checked. + Due to implementation restrictions, some of DDL permissions are not + checked. </para> </listitem> </varlistentry> |
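Review bot: the three new paragraphs in the first hunk (@@ -421) carry spelling and grammar errors that will ship verbatim in the rendered manual: "particula schema" and "chechked" in the third paragraph, and in the first two "for each object types" (each object type), "several object types has its special permissions" (have their own special permissions), "construct a table and underlying columns" (constructs), and "users permission" (the user's permission). Suggest also tightening "the pair of security label of the client and the new object itself" to "the pair of the client's security label and the new object's label", and dropping the stray blank line before the re-indented `<para>` so the paragraph spacing matches the rest of the section. Since the paragraph commits to a specific list ("tables, views, sequences and procedures") for the `add_name` check, it is worth confirming that list matches exactly the object types the accompanying code checks before it lands in the docs.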
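Review bot: in the second hunk (@@ -509), the reworded restriction "some of DDL permissions are not checked" is now vague about which ones, whereas the old wording at least made a clear statement. Since the new DDL Permissions section in this same patch enumerates what is checked (`create` on the new object, `getattr` on the template database, `add_name` on the schema, and `setattr`/`relabelfrom`/`relabelto` on relabel), consider either listing the DDL operations that remain unchecked or adding a cross-reference to that section so a reader can tell what is covered. Minor: "some of DDL permissions" reads better as "some DDL permissions".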
