diff options
author | Chris PeBenito <pebenito@ieee.org> | 2017-02-15 18:47:33 -0500 |
---|---|---|
committer | Jason Zaman <jason@perfinion.com> | 2017-02-17 16:13:38 +0800 |
commit | b8090bfeb7461011bfbbfc43d47caab6fc863d3d (patch) | |
tree | 6506d53221c4d5a0ca619d4cacbf4c861acccd84 /policy/modules/services/postgresql.te | |
parent | inherited file and fifo perms (diff) | |
download | hardened-refpolicy-b8090bfeb7461011bfbbfc43d47caab6fc863d3d.tar.gz hardened-refpolicy-b8090bfeb7461011bfbbfc43d47caab6fc863d3d.tar.bz2 hardened-refpolicy-b8090bfeb7461011bfbbfc43d47caab6fc863d3d.zip |
Sort capabilities permissions from Russell Coker.
Diffstat (limited to 'policy/modules/services/postgresql.te')
-rw-r--r-- | policy/modules/services/postgresql.te | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te index 5b2508da..e21ce738 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te @@ -227,8 +227,8 @@ postgresql_view_object(user_sepgsql_view_t) # # postgresql Local policy # -allow postgresql_t self:capability { kill dac_override dac_read_search chown fowner fsetid setuid setgid sys_nice sys_tty_config sys_admin }; -dontaudit postgresql_t self:capability { sys_tty_config sys_admin }; +allow postgresql_t self:capability { chown dac_override dac_read_search fowner fsetid kill setgid setuid sys_admin sys_nice sys_tty_config }; +dontaudit postgresql_t self:capability { sys_admin sys_tty_config }; allow postgresql_t self:process signal_perms; allow postgresql_t self:fifo_file rw_fifo_file_perms; allow postgresql_t self:file { getattr read }; |