-- -- Regression Tests for Label Management -- -- -- Setup -- CREATE TABLE t1 (a int, b text); INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc'); CREATE TABLE t2 AS SELECT * FROM t1 WHERE a % 2 = 0; CREATE FUNCTION f1 () RETURNS text AS 'SELECT sepgsql_getcon()' LANGUAGE sql; CREATE FUNCTION f2 () RETURNS text AS 'SELECT sepgsql_getcon()' LANGUAGE sql; SECURITY LABEL ON FUNCTION f2() IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0'; CREATE FUNCTION f3 () RETURNS text AS 'BEGIN RAISE EXCEPTION ''an exception from f3()''; RETURN NULL; END;' LANGUAGE plpgsql; SECURITY LABEL ON FUNCTION f3() IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0'; CREATE FUNCTION f4 () RETURNS text AS 'SELECT sepgsql_getcon()' LANGUAGE sql; SECURITY LABEL ON FUNCTION f4() IS 'system_u:object_r:sepgsql_nosuch_trusted_proc_exec_t:s0'; CREATE FUNCTION f5 (text) RETURNS bool AS 'SELECT sepgsql_setcon($1)' LANGUAGE sql; SECURITY LABEL ON FUNCTION f5(text) IS 'system_u:object_r:sepgsql_regtest_trusted_proc_exec_t:s0'; CREATE TABLE auth_tbl(uname text, credential text, label text); INSERT INTO auth_tbl VALUES ('foo', 'acbd18db4cc2f85cedef654fccc4a4d8', 'sepgsql_regtest_foo_t:s0'), ('var', 'b2145aac704ce76dbe1ac7adac535b23', 'sepgsql_regtest_var_t:s0'), ('baz', 'b2145aac704ce76dbe1ac7adac535b23', 'sepgsql_regtest_baz_t:s0'); SECURITY LABEL ON TABLE auth_tbl IS 'system_u:object_r:sepgsql_secret_table_t:s0'; CREATE FUNCTION auth_func(text, text) RETURNS bool LANGUAGE sql AS 'SELECT sepgsql_setcon(regexp_replace(sepgsql_getcon(), ''_r:.*$'', ''_r:'' || label)) FROM auth_tbl WHERE uname = $1 AND credential = $2'; SECURITY LABEL ON FUNCTION auth_func(text,text) IS 'system_u:object_r:sepgsql_regtest_trusted_proc_exec_t:s0'; CREATE TABLE foo_tbl(a int, b text); INSERT INTO foo_tbl VALUES (1, 'aaa'), (2,'bbb'), (3,'ccc'), (4,'ddd'); SECURITY LABEL ON TABLE foo_tbl IS 'system_u:object_r:sepgsql_regtest_foo_table_t:s0'; CREATE TABLE var_tbl(x int, y text); INSERT INTO var_tbl VALUES (2,'xxx'), (3,'yyy'), (4,'zzz'), (5,'xyz'); SECURITY LABEL ON TABLE var_tbl IS 'system_u:object_r:sepgsql_regtest_var_table_t:s0'; CREATE TABLE foo_ptbl(o int, p text) PARTITION BY RANGE (o); CREATE TABLE foo_ptbl_ones PARTITION OF foo_ptbl FOR VALUES FROM ('0') TO ('10'); CREATE TABLE foo_ptbl_tens PARTITION OF foo_ptbl FOR VALUES FROM ('10') TO ('100'); INSERT INTO foo_ptbl VALUES (0, 'aaa'), (9,'bbb'), (10,'ccc'), (99,'ddd'); SECURITY LABEL ON TABLE foo_ptbl IS 'system_u:object_r:sepgsql_regtest_foo_table_t:s0'; CREATE TABLE var_ptbl(q int, r text) PARTITION BY RANGE (q); CREATE TABLE var_ptbl_ones PARTITION OF var_ptbl FOR VALUES FROM ('0') TO ('10'); CREATE TABLE var_ptbl_tens PARTITION OF var_ptbl FOR VALUES FROM ('10') TO ('100'); INSERT INTO var_ptbl VALUES (0,'xxx'), (9,'yyy'), (10,'zzz'), (99,'xyz'); SECURITY LABEL ON TABLE var_ptbl IS 'system_u:object_r:sepgsql_regtest_var_table_t:s0'; -- -- Tests for default labeling behavior -- SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 (1 row) CREATE TABLE t3 (s int, t text); INSERT INTO t3 VALUES (1, 'sss'), (2, 'ttt'), (3, 'uuu'); SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ---------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_dba_t:s0 (1 row) CREATE TABLE t4 (m int, n text); INSERT INTO t4 VALUES (1,'mmm'), (2,'nnn'), (3,'ooo'); SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 (1 row) CREATE TABLE tpart (o int, p text) PARTITION BY RANGE (o); CREATE TABLE tpart_ones PARTITION OF tpart FOR VALUES FROM ('0') TO ('10'); SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ---------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_dba_t:s0 (1 row) CREATE TABLE tpart_tens PARTITION OF tpart FOR VALUES FROM ('10') TO ('100'); INSERT INTO tpart VALUES (0, 'aaa'); INSERT INTO tpart VALUES (9, 'bbb'); INSERT INTO tpart VALUES (99, 'ccc'); SELECT objtype, objname, label FROM pg_seclabels WHERE provider = 'selinux' AND objtype = 'table' AND objname in ('t1', 't2', 't3', 'tpart', 'tpart_ones', 'tpart_tens') ORDER BY objname COLLATE "C" ASC; objtype | objname | label ---------+------------+----------------------------------------------- table | t1 | unconfined_u:object_r:sepgsql_table_t:s0 table | t2 | unconfined_u:object_r:sepgsql_table_t:s0 table | t3 | unconfined_u:object_r:user_sepgsql_table_t:s0 table | tpart | unconfined_u:object_r:user_sepgsql_table_t:s0 table | tpart_ones | unconfined_u:object_r:user_sepgsql_table_t:s0 table | tpart_tens | unconfined_u:object_r:sepgsql_table_t:s0 (6 rows) SELECT objtype, objname, label FROM pg_seclabels WHERE provider = 'selinux' AND objtype = 'column' AND (objname like 't3.%' OR objname like 't4.%' OR objname like 'tpart.%' OR objname like 'tpart_ones.%' OR objname like 'tpart_tens.%') ORDER BY objname COLLATE "C" ASC; objtype | objname | label ---------+---------------------+----------------------------------------------- column | t3.cmax | unconfined_u:object_r:user_sepgsql_table_t:s0 column | t3.cmin | unconfined_u:object_r:user_sepgsql_table_t:s0 column | t3.ctid | unconfined_u:object_r:user_sepgsql_table_t:s0 column | t3.s | unconfined_u:object_r:user_sepgsql_table_t:s0 column | t3.t | unconfined_u:object_r:user_sepgsql_table_t:s0 column | t3.tableoid | unconfined_u:object_r:user_sepgsql_table_t:s0 column | t3.xmax | unconfined_u:object_r:user_sepgsql_table_t:s0 column | t3.xmin | unconfined_u:object_r:user_sepgsql_table_t:s0 column | t4.cmax | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | t4.cmin | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | t4.ctid | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | t4.m | unconfined_u:object_r:sepgsql_table_t:s0 column | t4.n | unconfined_u:object_r:sepgsql_table_t:s0 column | t4.tableoid | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | t4.xmax | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | t4.xmin | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | tpart.cmax | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart.cmin | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart.ctid | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart.o | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart.p | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart.tableoid | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart.xmax | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart.xmin | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_ones.cmax | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_ones.cmin | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_ones.ctid | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_ones.o | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_ones.p | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_ones.tableoid | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_ones.xmax | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_ones.xmin | unconfined_u:object_r:user_sepgsql_table_t:s0 column | tpart_tens.cmax | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | tpart_tens.cmin | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | tpart_tens.ctid | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | tpart_tens.o | unconfined_u:object_r:sepgsql_table_t:s0 column | tpart_tens.p | unconfined_u:object_r:sepgsql_table_t:s0 column | tpart_tens.tableoid | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | tpart_tens.xmax | unconfined_u:object_r:sepgsql_sysobj_t:s0 column | tpart_tens.xmin | unconfined_u:object_r:sepgsql_sysobj_t:s0 (40 rows) -- -- Tests for SECURITY LABEL -- SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ---------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_dba_t:s0 (1 row) SECURITY LABEL ON TABLE t1 IS 'system_u:object_r:sepgsql_ro_table_t:s0'; -- ok SECURITY LABEL ON TABLE t2 IS 'invalid security context'; -- be failed ERROR: SELinux: invalid security label: "invalid security context" SECURITY LABEL ON COLUMN t2 IS 'system_u:object_r:sepgsql_ro_table_t:s0'; -- be failed ERROR: column name must be qualified SECURITY LABEL ON COLUMN t2.b IS 'system_u:object_r:sepgsql_ro_table_t:s0'; -- ok SECURITY LABEL ON TABLE tpart IS 'system_u:object_r:sepgsql_ro_table_t:s0'; -- ok SECURITY LABEL ON TABLE tpart IS 'invalid security context'; -- failed ERROR: SELinux: invalid security label: "invalid security context" SECURITY LABEL ON COLUMN tpart IS 'system_u:object_r:sepgsql_ro_table_t:s0'; -- failed ERROR: column name must be qualified SECURITY LABEL ON COLUMN tpart.o IS 'system_u:object_r:sepgsql_ro_table_t:s0'; -- ok -- -- Tests for Trusted Procedures -- SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 (1 row) SET sepgsql.debug_audit = true; SET client_min_messages = log; SELECT f1(); -- normal procedure LOG: SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=unconfined_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="public.f1()" permissive=0 LOG: SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.sepgsql_getcon()" permissive=0 f1 ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 (1 row) SELECT f2(); -- trusted procedure LOG: SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=system_u:object_r:sepgsql_trusted_proc_exec_t:s0 tclass=db_procedure name="public.f2()" permissive=0 LOG: SELinux: allowed { entrypoint } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=system_u:object_r:sepgsql_trusted_proc_exec_t:s0 tclass=db_procedure name="function f2()" permissive=0 LOG: SELinux: allowed { transition } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=unconfined_u:unconfined_r:sepgsql_trusted_proc_t:s0 tclass=process permissive=0 LOG: SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:sepgsql_trusted_proc_t:s0 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.sepgsql_getcon()" permissive=0 f2 ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_trusted_proc_t:s0 (1 row) SELECT f3(); -- trusted procedure that raises an error LOG: SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=system_u:object_r:sepgsql_trusted_proc_exec_t:s0 tclass=db_procedure name="public.f3()" permissive=0 LOG: SELinux: allowed { entrypoint } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=system_u:object_r:sepgsql_trusted_proc_exec_t:s0 tclass=db_procedure name="function f3()" permissive=0 LOG: SELinux: allowed { transition } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=unconfined_u:unconfined_r:sepgsql_trusted_proc_t:s0 tclass=process permissive=0 ERROR: an exception from f3() CONTEXT: PL/pgSQL function f3() line 2 at RAISE SELECT f4(); -- failed on domain transition LOG: SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=system_u:object_r:sepgsql_nosuch_trusted_proc_exec_t:s0 tclass=db_procedure name="public.f4()" permissive=0 LOG: SELinux: allowed { entrypoint } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=system_u:object_r:sepgsql_nosuch_trusted_proc_exec_t:s0 tclass=db_procedure name="function f4()" permissive=0 LOG: SELinux: denied { transition } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=unconfined_u:unconfined_r:sepgsql_regtest_nosuch_t:s0 tclass=process permissive=0 ERROR: SELinux: security policy violation SELECT sepgsql_getcon(); -- client's label must be restored LOG: SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.sepgsql_getcon()" permissive=0 sepgsql_getcon ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0 (1 row) -- -- Test for Dynamic Domain Transition -- -- validation of transaction aware dynamic-transition SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ----------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c25 (1 row) SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c15'); sepgsql_setcon ---------------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c15 (1 row) SELECT sepgsql_setcon(NULL); -- failed to reset ERROR: SELinux: security policy violation SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c15 (1 row) BEGIN; SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c12'); sepgsql_setcon ---------------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c12 (1 row) SAVEPOINT svpt_1; SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c9'); sepgsql_setcon ---------------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ---------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c9 (1 row) SAVEPOINT svpt_2; SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c6'); sepgsql_setcon ---------------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ---------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c6 (1 row) SAVEPOINT svpt_3; SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c3'); sepgsql_setcon ---------------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ---------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c3 (1 row) ROLLBACK TO SAVEPOINT svpt_2; SELECT sepgsql_getcon(); -- should be 's0:c0.c9' sepgsql_getcon ---------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c9 (1 row) ROLLBACK TO SAVEPOINT svpt_1; SELECT sepgsql_getcon(); -- should be 's0:c0.c12' sepgsql_getcon ----------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c12 (1 row) ABORT; SELECT sepgsql_getcon(); -- should be 's0:c0.c15' sepgsql_getcon ----------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c15 (1 row) BEGIN; SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c8'); sepgsql_setcon ---------------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ---------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c8 (1 row) SAVEPOINT svpt_1; SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c4'); sepgsql_setcon ---------------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ---------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c4 (1 row) ROLLBACK TO SAVEPOINT svpt_1; SELECT sepgsql_getcon(); -- should be 's0:c0.c8' sepgsql_getcon ---------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c8 (1 row) SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c6'); sepgsql_setcon ---------------- t (1 row) COMMIT; SELECT sepgsql_getcon(); -- should be 's0:c0.c6' sepgsql_getcon ---------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0:c0.c6 (1 row) -- sepgsql_regtest_user_t is not available dynamic-transition, -- unless sepgsql_setcon() is called inside of trusted-procedure SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ------------------------------------------------------------ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c15 (1 row) -- sepgsql_regtest_user_t has no permission to switch current label SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0'); -- failed ERROR: SELinux: security policy violation SELECT sepgsql_getcon(); sepgsql_getcon ------------------------------------------------------------ unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c15 (1 row) -- trusted procedure allows to switch, but unavailable to override MCS rules SELECT f5('unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7'); -- OK f5 ---- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7 (1 row) SELECT f5('unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c31'); -- Failed ERROR: SELinux: security policy violation CONTEXT: SQL function "f5" statement 1 SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7 (1 row) SELECT f5(NULL); -- Failed ERROR: SELinux: security policy violation CONTEXT: SQL function "f5" statement 1 SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7 (1 row) BEGIN; SELECT f5('unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c3'); -- OK f5 ---- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c3 (1 row) ABORT; SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0:c0.c7 (1 row) -- -- Test for simulation of typical connection pooling server -- SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_pool_t:s0 (1 row) -- we shouldn't allow to switch client label without trusted procedure SELECT sepgsql_setcon('unconfined_u:unconfined_r:sepgsql_regtest_foo_t:s0'); ERROR: SELinux: security policy violation SELECT * FROM auth_tbl; -- failed, no permission to reference ERROR: SELinux: security policy violation -- switch to "foo" SELECT auth_func('foo', 'acbd18db4cc2f85cedef654fccc4a4d8'); auth_func ----------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ---------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_foo_t:s0 (1 row) SELECT * FROM foo_tbl; -- OK a | b ---+----- 1 | aaa 2 | bbb 3 | ccc 4 | ddd (4 rows) SELECT * FROM foo_ptbl; -- OK o | p ----+----- 0 | aaa 9 | bbb 10 | ccc 99 | ddd (4 rows) SELECT * FROM var_tbl; -- failed ERROR: SELinux: security policy violation SELECT * FROM var_ptbl; -- failed ERROR: SELinux: security policy violation SELECT * FROM auth_tbl; -- failed ERROR: SELinux: security policy violation SELECT sepgsql_setcon(NULL); -- end of session sepgsql_setcon ---------------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_pool_t:s0 (1 row) -- the pooler cannot touch these tables directly SELECT * FROM foo_tbl; -- failed ERROR: SELinux: security policy violation SELECT * FROM foo_ptbl; -- failed ERROR: SELinux: security policy violation SELECT * FROM var_tbl; -- failed ERROR: SELinux: security policy violation SELECT * FROM var_ptbl; -- failed ERROR: SELinux: security policy violation -- switch to "var" SELECT auth_func('var', 'b2145aac704ce76dbe1ac7adac535b23'); auth_func ----------- t (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ---------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_var_t:s0 (1 row) SELECT * FROM foo_tbl; -- failed ERROR: SELinux: security policy violation SELECT * FROM foo_ptbl; -- failed ERROR: SELinux: security policy violation SELECT * FROM var_tbl; -- OK x | y ---+----- 2 | xxx 3 | yyy 4 | zzz 5 | xyz (4 rows) SELECT * FROM var_ptbl; -- OK q | r ----+----- 0 | xxx 9 | yyy 10 | zzz 99 | xyz (4 rows) SELECT * FROM auth_tbl; -- failed ERROR: SELinux: security policy violation SELECT sepgsql_setcon(NULL); -- end of session sepgsql_setcon ---------------- t (1 row) -- misc checks SELECT auth_func('var', 'invalid credential'); -- not works auth_func ----------- (1 row) SELECT sepgsql_getcon(); sepgsql_getcon ----------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_pool_t:s0 (1 row) -- -- Clean up -- SELECT sepgsql_getcon(); -- confirm client privilege sepgsql_getcon --------------------------------------------------------------------- unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0-s0:c0.c255 (1 row) DROP TABLE IF EXISTS t1 CASCADE; DROP TABLE IF EXISTS t2 CASCADE; DROP TABLE IF EXISTS t3 CASCADE; DROP TABLE IF EXISTS t4 CASCADE; DROP TABLE IF EXISTS tpart CASCADE; DROP FUNCTION IF EXISTS f1() CASCADE; DROP FUNCTION IF EXISTS f2() CASCADE; DROP FUNCTION IF EXISTS f3() CASCADE; DROP FUNCTION IF EXISTS f4() CASCADE; DROP FUNCTION IF EXISTS f5(text) CASCADE;