From 0f05840bf4c256b838eca8f1be9d7b5be82ccd0e Mon Sep 17 00:00:00 2001
From: Robert Haas
Date: Thu, 28 Mar 2013 15:38:35 -0400
Subject: Allow sepgsql labels to depend on object name.

The main change here is to call security_compute_create_name_raw() rather than security_compute_create_raw(). This ups the minimum requirement for libselinux from 2.0.99 to 2.1.10, but it looks like most distributions will have picked that up before 9.3 is out.

KaiGai Kohei
---
 contrib/sepgsql/selinux.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'contrib/sepgsql/selinux.c')
diff --git a/contrib/sepgsql/selinux.c b/contrib/sepgsql/selinux.c
index f70254f2a74..863f0c143ff 100644
--- a/contrib/sepgsql/selinux.c
+++ b/contrib/sepgsql/selinux.c
@@ -836,7 +836,8 @@ sepgsql_compute_avd(const char *scontext,
 char *
 sepgsql_compute_create(const char *scontext,
 const char *tcontext,
- uint16 tclass)
+ uint16 tclass,
+ const char *objname)
 {
 security_context_t ncontext;
 security_class_t tclass_ex;
@@ -853,9 +854,11 @@ sepgsql_compute_create(const char *scontext,
 * Ask SELinux what is the default context for the given object class on a
 * pair of security contexts
 */
- if (security_compute_create_raw((security_context_t) scontext,
- (security_context_t) tcontext,
- tclass_ex, &ncontext) < 0)
+ if (security_compute_create_name_raw((security_context_t) scontext,
+ (security_context_t) tcontext,
+ tclass_ex,
+ objname,
+ &ncontext) < 0)
 ereport(ERROR,
 (errcode(ERRCODE_INTERNAL_ERROR),
 errmsg("SELinux could not compute a new context: "
--
cgit v1.2.3
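Review bot: The new `objname` parameter of sepgsql_compute_create() in the first hunk has no stated contract: nothing visible says whether NULL is allowed, or whether callers must pass the name as the client typed it or as it will be stored in the catalog. The name now feeds into the label decision and is normally chosen by the client creating the object, so the expected form matters to anyone writing name-based policy rules. I would add to the function's header comment, which starts outside this hunk, something like `objname is the name of the object being created, as it will be stored in the catalog, or NULL if none is available; SELinux uses it to match name-based type_transition rules`. Whether security_compute_create_name_raw() accepts NULL should be confirmed against the libselinux version the commit message requires, and every caller outside this file has to supply the new argument.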
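Review bot: The failure report after the new security_compute_create_name_raw() call in the second hunk still opens with `SELinux could not compute a new context: ` and nothing in the hunk adds `objname` to it, so the diagnostic may no longer list every input to the labeling decision. The rest of the errmsg and its arguments lie outside the hunk; if they name only scontext, tcontext and tclass, consider appending ` name=%s` to the format and passing `objname ? objname : "(null)"`. That lets an administrator who is tracing an unexpected label or a denied creation tie the log entry to the name-based rule involved.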