rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/contrib/sepgsql/expected/dml.out

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

400 lines
14 KiB
Plaintext
Raw Normal View History

sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
--
-- Regression Test for DML Permissions
--
--
-- Setup
--
Fix cache reference leak in contrib/sepgsql. fixup_whole_row_references() did the wrong thing with a dropped column, resulting in a commit-time warning about a cache reference leak. I (tgl) added a test case exercising this, but back-patched the test only as far as v10; the patch didn't apply cleanly to 9.6 and it didn't seem worth the trouble to adapt it. The bug is pretty old though, so apply the code change all the way back. Michael Luo, with cosmetic improvements by me Discussion: https://postgr.es/m/BYAPR08MB5606D1453D7F50E2AF4D2FD29AD80@BYAPR08MB5606.namprd08.prod.outlook.com
2020-04-16 20:45:54 +02:00
CREATE TABLE t1 (a int, junk int, b text);
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
SECURITY LABEL ON TABLE t1 IS 'system_u:object_r:sepgsql_table_t:s0';
Fix cache reference leak in contrib/sepgsql. fixup_whole_row_references() did the wrong thing with a dropped column, resulting in a commit-time warning about a cache reference leak. I (tgl) added a test case exercising this, but back-patched the test only as far as v10; the patch didn't apply cleanly to 9.6 and it didn't seem worth the trouble to adapt it. The bug is pretty old though, so apply the code change all the way back. Michael Luo, with cosmetic improvements by me Discussion: https://postgr.es/m/BYAPR08MB5606D1453D7F50E2AF4D2FD29AD80@BYAPR08MB5606.namprd08.prod.outlook.com
2020-04-16 20:45:54 +02:00
ALTER TABLE t1 DROP COLUMN junk;
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc');
CREATE TABLE t2 (x int, y text);
SECURITY LABEL ON TABLE t2 IS 'system_u:object_r:sepgsql_ro_table_t:s0';
INSERT INTO t2 VALUES (1, 'xxx'), (2, 'yyy'), (3, 'zzz');
CREATE TABLE t3 (s int, t text);
SECURITY LABEL ON TABLE t3 IS 'system_u:object_r:sepgsql_fixed_table_t:s0';
INSERT INTO t3 VALUES (1, 'sss'), (2, 'ttt'), (3, 'uuu');
Fix cache reference leak in contrib/sepgsql. fixup_whole_row_references() did the wrong thing with a dropped column, resulting in a commit-time warning about a cache reference leak. I (tgl) added a test case exercising this, but back-patched the test only as far as v10; the patch didn't apply cleanly to 9.6 and it didn't seem worth the trouble to adapt it. The bug is pretty old though, so apply the code change all the way back. Michael Luo, with cosmetic improvements by me Discussion: https://postgr.es/m/BYAPR08MB5606D1453D7F50E2AF4D2FD29AD80@BYAPR08MB5606.namprd08.prod.outlook.com
2020-04-16 20:45:54 +02:00
CREATE TABLE t4 (m int, junk int, n text);
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
SECURITY LABEL ON TABLE t4 IS 'system_u:object_r:sepgsql_secret_table_t:s0';
Fix cache reference leak in contrib/sepgsql. fixup_whole_row_references() did the wrong thing with a dropped column, resulting in a commit-time warning about a cache reference leak. I (tgl) added a test case exercising this, but back-patched the test only as far as v10; the patch didn't apply cleanly to 9.6 and it didn't seem worth the trouble to adapt it. The bug is pretty old though, so apply the code change all the way back. Michael Luo, with cosmetic improvements by me Discussion: https://postgr.es/m/BYAPR08MB5606D1453D7F50E2AF4D2FD29AD80@BYAPR08MB5606.namprd08.prod.outlook.com
2020-04-16 20:45:54 +02:00
ALTER TABLE t4 DROP COLUMN junk;
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
INSERT INTO t4 VALUES (1, 'mmm'), (2, 'nnn'), (3, 'ooo');
CREATE TABLE t5 (e text, f text, g text);
SECURITY LABEL ON TABLE t5 IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t5.e IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t5.f IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t5.g IS 'system_u:object_r:sepgsql_secret_table_t:s0';
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
---
-- partitioned table parent
CREATE TABLE t1p (o int, p text, q text) PARTITION BY RANGE (o);
SECURITY LABEL ON TABLE t1p IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
-- partitioned table children
CREATE TABLE t1p_ones PARTITION OF t1p FOR VALUES FROM ('0') TO ('10');
SECURITY LABEL ON COLUMN t1p_ones.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p_ones.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p_ones.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
CREATE TABLE t1p_tens PARTITION OF t1p FOR VALUES FROM ('10') TO ('100');
SECURITY LABEL ON COLUMN t1p_tens.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p_tens.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p_tens.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
---
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
CREATE TABLE customer (cid int primary key, cname text, ccredit text);
SECURITY LABEL ON COLUMN customer.ccredit IS 'system_u:object_r:sepgsql_secret_table_t:s0';
INSERT INTO customer VALUES (1, 'Taro', '1111-2222-3333-4444'),
(2, 'Hanako', '5555-6666-7777-8888');
CREATE FUNCTION customer_credit(int) RETURNS text
AS 'SELECT regexp_replace(ccredit, ''-[0-9]+$'', ''-????'') FROM customer WHERE cid = $1'
LANGUAGE sql;
SECURITY LABEL ON FUNCTION customer_credit(int)
IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
SELECT objtype, objname, label FROM pg_seclabels
WHERE provider = 'selinux'
AND objtype in ('table', 'column')
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
AND objname in ('t1', 't2', 't3', 't4',
't5', 't5.e', 't5.f', 't5.g',
't1p', 't1p.o', 't1p.p', 't1p.q',
't1p_ones', 't1p_ones.o', 't1p_ones.p', 't1p_ones.q',
't1p_tens', 't1p_tens.o', 't1p_tens.p', 't1p_tens.q')
Make sepgsql regression tests robust vs. collation differences In commit 25542d77, regression test coverage was added to sepgsql for partitioned tables. Unfortunately it was not robust in the face of collation differences, per the buildfarm. Force "C" collation in order to fix that. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-10 00:59:02 +02:00
ORDER BY objname COLLATE "C";
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
objtype | objname | label
---------+------------+---------------------------------------------
table | t1 | system_u:object_r:sepgsql_table_t:s0
table | t1p | system_u:object_r:sepgsql_table_t:s0
column | t1p.o | system_u:object_r:sepgsql_table_t:s0
Make sepgsql regression tests robust vs. collation differences In commit 25542d77, regression test coverage was added to sepgsql for partitioned tables. Unfortunately it was not robust in the face of collation differences, per the buildfarm. Force "C" collation in order to fix that. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-10 00:59:02 +02:00
column | t1p.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p.q | system_u:object_r:sepgsql_secret_table_t:s0
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
table | t1p_ones | unconfined_u:object_r:sepgsql_table_t:s0
column | t1p_ones.o | system_u:object_r:sepgsql_table_t:s0
column | t1p_ones.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p_ones.q | system_u:object_r:sepgsql_secret_table_t:s0
table | t1p_tens | unconfined_u:object_r:sepgsql_table_t:s0
column | t1p_tens.o | system_u:object_r:sepgsql_table_t:s0
column | t1p_tens.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p_tens.q | system_u:object_r:sepgsql_secret_table_t:s0
table | t2 | system_u:object_r:sepgsql_ro_table_t:s0
table | t3 | system_u:object_r:sepgsql_fixed_table_t:s0
table | t4 | system_u:object_r:sepgsql_secret_table_t:s0
table | t5 | system_u:object_r:sepgsql_table_t:s0
column | t5.e | system_u:object_r:sepgsql_table_t:s0
column | t5.f | system_u:object_r:sepgsql_ro_table_t:s0
column | t5.g | system_u:object_r:sepgsql_secret_table_t:s0
(20 rows)
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
sepgsql: Enforce db_schema:search permission. KaiGai Kohei, with comment and doc wordsmithing by me
2013-04-05 14:51:31 +02:00
CREATE SCHEMA my_schema_1;
CREATE TABLE my_schema_1.ts1 (a int, b text);
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
CREATE TABLE my_schema_1.pts1 (o int, p text) PARTITION BY RANGE (o);
CREATE TABLE my_schema_1.pts1_ones PARTITION OF my_schema_1.pts1 FOR VALUES FROM ('0') to ('10');
sepgsql: Enforce db_schema:search permission. KaiGai Kohei, with comment and doc wordsmithing by me
2013-04-05 14:51:31 +02:00
CREATE SCHEMA my_schema_2;
CREATE TABLE my_schema_2.ts2 (x int, y text);
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
CREATE TABLE my_schema_2.pts2 (o int, p text) PARTITION BY RANGE (o);
CREATE TABLE my_schema_2.pts2_tens PARTITION OF my_schema_2.pts2 FOR VALUES FROM ('10') to ('100');
sepgsql: Enforce db_schema:search permission. KaiGai Kohei, with comment and doc wordsmithing by me
2013-04-05 14:51:31 +02:00
SECURITY LABEL ON SCHEMA my_schema_2
IS 'system_u:object_r:sepgsql_regtest_invisible_schema_t:s0';
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
-- Hardwired Rules
UPDATE pg_attribute SET attisdropped = true
WHERE attrelid = 't5'::regclass AND attname = 'f'; -- failed
Various sepgsql corrections. KaiGai Kohei
2011-02-03 05:39:43 +01:00
ERROR: SELinux: hardwired security policy violation
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
--
-- Simple DML statements
--
SELECT sepgsql_getcon(); -- confirm client privilege
sepgsql_getcon
-----------------------------------------------------
unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0
(1 row)
SELECT * FROM t1; -- ok
a | b
---+-----
1 | aaa
2 | bbb
3 | ccc
(3 rows)
SELECT * FROM t2; -- ok
x | y
---+-----
1 | xxx
2 | yyy
3 | zzz
(3 rows)
SELECT * FROM t3; -- ok
s | t
---+-----
1 | sss
2 | ttt
3 | uuu
(3 rows)
SELECT * FROM t4; -- failed
ERROR: SELinux: security policy violation
SELECT * FROM t5; -- failed
ERROR: SELinux: security policy violation
SELECT e,f FROM t5; -- ok
e | f
---+---
(0 rows)
Fix cache reference leak in contrib/sepgsql. fixup_whole_row_references() did the wrong thing with a dropped column, resulting in a commit-time warning about a cache reference leak. I (tgl) added a test case exercising this, but back-patched the test only as far as v10; the patch didn't apply cleanly to 9.6 and it didn't seem worth the trouble to adapt it. The bug is pretty old though, so apply the code change all the way back. Michael Luo, with cosmetic improvements by me Discussion: https://postgr.es/m/BYAPR08MB5606D1453D7F50E2AF4D2FD29AD80@BYAPR08MB5606.namprd08.prod.outlook.com
2020-04-16 20:45:54 +02:00
SELECT (t1.*)::record FROM t1; -- ok
t1
---------
(1,aaa)
(2,bbb)
(3,ccc)
(3 rows)
SELECT (t4.*)::record FROM t4; -- failed
ERROR: SELinux: security policy violation
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
---
-- partitioned table parent
SELECT * FROM t1p; -- failed
ERROR: SELinux: security policy violation
SELECT o,p FROM t1p; -- ok
o | p
---+---
(0 rows)
--partitioned table children
SELECT * FROM t1p_ones; -- failed
ERROR: SELinux: security policy violation
SELECT o FROM t1p_ones; -- ok
o
---
(0 rows)
SELECT o,p FROM t1p_ones; -- ok
o | p
---+---
(0 rows)
SELECT * FROM t1p_tens; -- failed
ERROR: SELinux: security policy violation
SELECT o FROM t1p_tens; -- ok
o
---
(0 rows)
SELECT o,p FROM t1p_tens; -- ok
o | p
---+---
(0 rows)
---
SELECT * FROM customer; -- failed
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
ERROR: SELinux: security policy violation
SELECT cid, cname, customer_credit(cid) FROM customer; -- ok
cid | cname | customer_credit
-----+--------+---------------------
1 | Taro | 1111-2222-3333-????
2 | Hanako | 5555-6666-7777-????
(2 rows)
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
SELECT count(*) FROM t5; -- ok
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
count
-------
0
(1 row)
SELECT count(*) FROM t5 WHERE g IS NULL; -- failed
ERROR: SELinux: security policy violation
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
---
-- partitioned table parent
SELECT count(*) FROM t1p; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
SELECT count(*) FROM t1p_ones; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p_ones WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
SELECT count(*) FROM t1p_tens; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p_tens WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
---
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
INSERT INTO t1 VALUES (4, 'abc'); -- ok
INSERT INTO t2 VALUES (4, 'xyz'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t3 VALUES (4, 'stu'); -- ok
INSERT INTO t4 VALUES (4, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 VALUES (1,2,3); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 (e,f) VALUES ('abc', 'def'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 (e) VALUES ('abc'); -- ok
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
---
-- partitioned table parent
INSERT INTO t1p (o,p) VALUES (9, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p (o) VALUES (9); -- ok
INSERT INTO t1p (o,p) VALUES (99, 'pqr'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p (o) VALUES (99); -- ok
-- partitioned table children
INSERT INTO t1p_ones (o,p) VALUES (9, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p_ones (o) VALUES (9); -- ok
INSERT INTO t1p_tens (o,p) VALUES (99, 'pqr'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p_tens (o) VALUES (99); -- ok
---
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
UPDATE t1 SET b = b || '_upd'; -- ok
UPDATE t2 SET y = y || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t3 SET t = t || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t4 SET n = n || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t5 SET e = 'xyz'; -- ok
UPDATE t5 SET e = f || '_upd'; -- ok
UPDATE t5 SET e = g || '_upd'; -- failed
ERROR: SELinux: security policy violation
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
---
-- partitioned table parent
UPDATE t1p SET o = 9 WHERE o < 10; -- ok
Fix whitespace
2017-04-10 17:18:15 +02:00
UPDATE t1p SET o = 99 WHERE o >= 10; -- ok
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
UPDATE t1p SET o = ascii(COALESCE(p,'upd'))%10 WHERE o < 10; -- ok
UPDATE t1p SET o = ascii(COALESCE(q,'upd'))%100 WHERE o >= 10; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
UPDATE t1p_ones SET o = 9; -- ok
UPDATE t1p_ones SET o = ascii(COALESCE(p,'upd'))%10; -- ok
UPDATE t1p_ones SET o = ascii(COALESCE(q,'upd'))%10; -- failed
ERROR: SELinux: security policy violation
Fix whitespace
2017-04-10 17:18:15 +02:00
UPDATE t1p_tens SET o = 99; -- ok
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
UPDATE t1p_tens SET o = ascii(COALESCE(p,'upd'))%100; -- ok
UPDATE t1p_tens SET o = ascii(COALESCE(q,'upd'))%100; -- failed
ERROR: SELinux: security policy violation
---
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
DELETE FROM t1; -- ok
DELETE FROM t2; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t3; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t4; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t5; -- ok
DELETE FROM t5 WHERE f IS NULL; -- ok
DELETE FROM t5 WHERE g IS NULL; -- failed
ERROR: SELinux: security policy violation
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
---
-- partitioned table parent
DELETE FROM t1p; -- ok
DELETE FROM t1p WHERE p IS NULL; -- ok
DELETE FROM t1p WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
DELETE FROM t1p_ones WHERE p IS NULL; -- ok
DELETE FROM t1p_ones WHERE q IS NULL; -- failed;
ERROR: SELinux: security policy violation
DELETE FROM t1p_tens WHERE p IS NULL; -- ok
DELETE FROM t1p_tens WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
---
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
--
-- COPY TO/FROM statements
--
COPY t1 TO '/dev/null'; -- ok
COPY t2 TO '/dev/null'; -- ok
COPY t3 TO '/dev/null'; -- ok
COPY t4 TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5(e,f) TO '/dev/null'; -- ok
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
---
-- partitioned table parent
COPY (SELECT * FROM t1p) TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY (SELECT (o,p) FROM t1p) TO '/dev/null'; -- ok
-- partitioned table children
COPY t1p_ones TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_ones(o,p) TO '/dev/null'; -- ok
COPY t1p_tens TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_tens(o,p) TO '/dev/null'; -- ok
---
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
COPY t1 FROM '/dev/null'; -- ok
COPY t2 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t3 FROM '/dev/null'; -- ok
COPY t4 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 (e,f) FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 (e) FROM '/dev/null'; -- ok
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
---
-- partitioned table parent
COPY t1p FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p (o) FROM '/dev/null'; -- ok
-- partitioned table children
COPY t1p_ones FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_ones (o) FROM '/dev/null'; -- ok
COPY t1p_tens FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_tens (o) FROM '/dev/null'; -- ok
---
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
--
sepgsql: Enforce db_schema:search permission. KaiGai Kohei, with comment and doc wordsmithing by me
2013-04-05 14:51:31 +02:00
-- Schema search path
--
SET search_path = my_schema_1, my_schema_2, public;
SELECT * FROM ts1; -- ok
a | b
---+---
(0 rows)
SELECT * FROM ts2; -- failed (relation not found)
ERROR: relation "ts2" does not exist
LINE 1: SELECT * FROM ts2;
^
SELECT * FROM my_schema_2.ts2; -- failed (policy violation)
ERROR: SELinux: security policy violation
LINE 1: SELECT * FROM my_schema_2.ts2;
^
--
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
-- Clean up
--
SELECT sepgsql_getcon(); -- confirm client privilege
Fix sepgsql regression tests. The regression tests for sepgsql were broken by changes in the base distro as-shipped policies. Specifically, definition of unconfined_t in the system default policy was changed to bypass multi-category rules, which the regression test depended on. Fix that by defining a custom privileged domain (sepgsql_regtest_superuser_t) and using it instead of system's unconfined_t domain. The new sepgsql_regtest_superuser_t domain performs almost like the current unconfined_t, but restricted by multi-category policy as the traditional unconfined_t was. The custom policy module is a self defined domain, and so should not be affected by related future system policy changes. However, it still uses the unconfined_u:unconfined_r pair for selinux-user and role. Those definitions have not been changed for several years and seem less risky to rely on than the unconfined_t domain. Additionally, if we define custom user/role, they would need to be manually defined at the operating system level, adding more complexity to an already non-standard and complex regression test. Back-patch to 9.3. The regression tests will need more work before working correctly on 9.2. Starting with 9.2, sepgsql has had dependencies on libselinux versions that are only available on newer distros with the changed set of policies (e.g. RHEL 7.x). On 9.1 sepgsql works fine with the older distros with original policy set (e.g. RHEL 6.x), and on which the existing regression tests work fine. We might want eventually change 9.1 sepgsql regression tests to be more independent from the underlying OS policies, however more work will be needed to make that happen and it is not clear that it is worth the effort. Kohei KaiGai with review by Adam Brightwell and me, commentary by Stephen, Alvaro, Tom, Robert, and others.
2015-08-30 20:09:05 +02:00
sepgsql_getcon
---------------------------------------------------------------------
unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0-s0:c0.c255
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
(1 row)
DROP TABLE IF EXISTS t1 CASCADE;
DROP TABLE IF EXISTS t2 CASCADE;
DROP TABLE IF EXISTS t3 CASCADE;
DROP TABLE IF EXISTS t4 CASCADE;
DROP TABLE IF EXISTS t5 CASCADE;
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
DROP TABLE IF EXISTS t1p CASCADE;
sepgsql, an SE-Linux integration for PostgreSQL This is still pretty rough - among other things, the documentation needs work, and the messages need a visit from the style police - but this gets the basic framework in place. KaiGai Kohei
2011-01-24 02:44:48 +01:00
DROP TABLE IF EXISTS customer CASCADE;
sepgsql: Enforce db_schema:search permission. KaiGai Kohei, with comment and doc wordsmithing by me
2013-04-05 14:51:31 +02:00
DROP SCHEMA IF EXISTS my_schema_1 CASCADE;
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
NOTICE: drop cascades to 2 other objects
DETAIL: drop cascades to table my_schema_1.ts1
drop cascades to table my_schema_1.pts1
sepgsql: Enforce db_schema:search permission. KaiGai Kohei, with comment and doc wordsmithing by me
2013-04-05 14:51:31 +02:00
DROP SCHEMA IF EXISTS my_schema_2 CASCADE;
Add partitioned table support to sepgsql The new partitioned table capability added a new relkind, namely RELKIND_PARTITIONED_TABLE. Update sepgsql to treat this new relkind exactly the same way it does RELKIND_RELATION. In addition, add regression test coverage for partitioned tables. Issue raised by Stephen Frost and initial patch by Mike Palmiotto. Review by Tom Lane and Robert Haas, and editorializing by me. Discussion: https://postgr.es/m/flat/623bcaae-112e-ced0-8c22-a84f75ae0c53%40joeconway.com
2017-04-09 23:01:58 +02:00
NOTICE: drop cascades to 2 other objects
DETAIL: drop cascades to table my_schema_2.ts2
drop cascades to table my_schema_2.pts2