From 0f05840bf4c256b838eca8f1be9d7b5be82ccd0e Mon Sep 17 00:00:00 2001 From: Robert Haas Date: Thu, 28 Mar 2013 15:38:35 -0400 Subject: Allow sepgsql labels to depend on object name. The main change here is to call security_compute_create_name_raw() rather than security_compute_create_raw(). This ups the minimum requirement for libselinux from 2.0.99 to 2.1.10, but it looks like most distributions will have picked that up before 9.3 is out. KaiGai Kohei --- doc/src/sgml/sepgsql.sgml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml index 5ee08e1dee2..7c7f953f919 100644 --- a/doc/src/sgml/sepgsql.sgml +++ b/doc/src/sgml/sepgsql.sgml @@ -63,7 +63,7 @@ sepgsql can only be used on Linux 2.6.28 or higher with SELinux enabled. It is not available on any other platform. You will also need - libselinux 2.0.99 or higher and + libselinux 2.1.10 or higher and selinux-policy 3.9.13 or higher (although some distributions may backport the necessary rules into older policy versions). @@ -326,8 +326,9 @@ $ sudo semodule -r sepgsql-regtest When sepgsql is in use, security labels are automatically assigned to supported database objects at creation time. This label is called a default security label, and is decided according - to the system security policy, which takes as input the creator's label - and the label assigned to the new object's parent object. + to the system security policy, which takes as input the creator's label, + the label assigned to the new object's parent object and optionally name + of the constructed object. -- cgit v1.2.3
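Review bot: In the first hunk (@@ -63,7 +63,7), the requirement moves from libselinux 2.0.99 to 2.1.10 with no reason given in the documentation text. The commit message ties the bump to security_compute_create_name_raw(), and a short mention of that in the paragraph would tell packagers on older distributions why the module no longer builds against their library. This view is limited to doc/src, so confirm that the build-time check for libselinux was updated in the same commit. Otherwise the documented minimum and the enforced minimum can disagree.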
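Review bot: In the second hunk (@@ -326,8 +326,9), the added wording "and optionally name of the constructed object" is missing an article and reads awkwardly. Suggest "the label assigned to the new object's parent object and, optionally, the name of the constructed object". The sentence also leaves "optionally" unexplained. One clause stating that the name only affects the default label when the security policy has a rule that depends on it would keep administrators from expecting name-based labels from a policy that does not define any.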