Обсуждение: pgsql: Update sepgsql to add mandatory access control for TRUNCATE
Update sepgsql to add mandatory access control for TRUNCATE Use SELinux "db_table: { truncate }" to check if permission is granted to TRUNCATE. Update example SELinux policy to grant needed permission for TRUNCATE. Add new regression test to demonstrate a positive and negative cases. Test will only be run if the loaded SELinux policy has the "db_table: { truncate }" permission. Makes use of recent commit which added object TRUNCATE hook. Patch by Yuli Khodorkovskiy with minor editorialization by me. Not back-patched because the object TRUNCATE hook was not. Author: Yuli Khodorkovskiy Reviewed-by: Joe Conway Discussion: https://postgr.es/m/CAFL5wJcomybj1Xdw7qWmPJRpGuFukKgNrDb6uVBaCMgYS9dkaA%40mail.gmail.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/4f66c93f61439b4db866b21cc1ecd5bf815564ef Modified Files -------------- contrib/sepgsql/expected/truncate.out | 46 +++++++++++++++++++++++++++++++++++ contrib/sepgsql/hooks.c | 14 +++++++++++ contrib/sepgsql/relation.c | 40 ++++++++++++++++++++++++++++++ contrib/sepgsql/selinux.c | 3 +++ contrib/sepgsql/sepgsql-regtest.te | 8 ++++++ contrib/sepgsql/sepgsql.h | 2 ++ contrib/sepgsql/sql/truncate.sql | 24 ++++++++++++++++++ contrib/sepgsql/test_sepgsql | 16 +++++++++++- 8 files changed, 152 insertions(+), 1 deletion(-)