On 11/21/22 17:35, Joe Conway wrote:
> On 11/21/22 15:57, Ted Toth wrote:
>> In SELinux file context files you can specify <<none>> for a file
>> meaning you don't want restorecon to relabel it. <<none>> is
>> especially useful in an SELinux MLS environment when objects are
>> created at a specific security level and you don't want restorecon to
>> relabel them to the wrong security level.
>
> +1
>
> Please add to the next commitfest here:
> https://commitfest.postgresql.org/41/
>
> Comments:
>
> 1. It seems like the check for a "<<none>>" context should go into
> sepgsql_object_relabel() directly rather than exec_object_restorecon().
> The former gets registered as a hook in _PG_init(), so with the current
> location we would fail to skip the relabel when that gets called.

The intent is not to stop all relabeling, only to stop sepgsql_restorecon from doing a bulk relabel. I believe sepgsql_object_relabel is called by the 'SECURITY LABEL' statement, which I'm using to set the label of db objects to a specific context that I would not want altered later by a restorecon.

> 2. Please provide one or more test cases (likely in label.sql)
>
> 3. An example, or at least a note, mentioning "<<none>>" context and
> the implications would be appropriate.
>
> --
> Joe Conway
> PostgreSQL Contributors Team
> RDS Open Source Databases
> Amazon Web Services: https://aws.amazon.com
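The scenario Ted describes, as an added illustration that is not code from this thread or from the patch: a table pinned to an MLS level with SECURITY LABEL, and a specfile entry of <<none>> that keeps a later bulk sepgsql_restorecon() from overwriting that label. It assumes sepgsql is loaded on an SELinux MLS host and that sepgsql_restorecon() honours <<none>> as proposed; the schema, table, specfile path and contexts are constructed, and the specfile pattern syntax is assumed to match the default sepgsql_contexts file.

```sql
-- Added example (not from the thread or the sepgsql patch).
-- Assumes: sepgsql in shared_preload_libraries, SELinux MLS policy,
-- and sepgsql_restorecon() skipping objects whose specfile entry is
-- <<none>>. All names, paths and contexts below are constructed.

-- 1. Pin a table to an explicit level. SECURITY LABEL goes through the
--    sepgsql_object_relabel() hook; this is the label we want to keep.
CREATE SCHEMA hr;
CREATE TABLE hr.salaries (emp_id int, amount numeric);
SECURITY LABEL FOR selinux ON TABLE hr.salaries
    IS 'system_u:object_r:sepgsql_table_t:s2';

-- 2. Constructed specfile, e.g. /tmp/pinned_contexts. The <<none>>
--    entry tells restorecon to leave hr.salaries alone; every other
--    table falls back to the default s0 context.
--
--      db_table   *.hr.salaries   <<none>>
--      db_table   *.*.*           system_u:object_r:sepgsql_table_t:s0

-- 3. Bulk relabel. With the proposed patch, hr.salaries is skipped;
--    without it (or with a specfile lacking the <<none>> line) the
--    table would be relabeled down to s0.
SELECT sepgsql_restorecon('/tmp/pinned_contexts');

-- 4. Verify the pinned label survived the bulk relabel.
SELECT objtype, objname, label
  FROM pg_seclabels
 WHERE provider = 'selinux'
   AND objoid = 'hr.salaries'::regclass;
```

Running step 4 before and after step 3 against a specfile with and without the <<none>> line makes the difference visible: the s2 label persists only when the entry is present.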