Layer: services

Module: postgresql

Tunables Interfaces Templates

Description:

PostgreSQL relational database

Tunables:

sepgsql_enable_users_ddl

Default value

false

Description

Allow unprived users to execute DDL statement

sepgsql_transmit_client_label

Default value

false

Description

Allow transmit client label to foreign database

sepgsql_unconfined_dbadm

Default value

false

Description

Allow database admins to execute DML statement

Return

Interfaces:

postgresql_admin(
	
		domain
		
			,
		
		role
		
	)

Summary

All of the rules required to administrate an postgresql environment

Parameters

Parameter:	Description:
domain	Domain allowed access.
role	The role to be allowed to manage the postgresql domain.

postgresql_blob_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL binary large object type

Parameters

Parameter:	Description:
type	Type marked as a database binary large object type.

postgresql_database_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL database object type

Parameters

Parameter:	Description:
type	Type marked as a database object type.

postgresql_domtrans(
	
		domain
		
	)

Summary

Execute postgresql in the postgresql domain.

Parameters

Parameter:	Description:
domain	Domain allowed to transition.

postgresql_language_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL procedural language object type

Parameters

Parameter:	Description:
type	Type marked as a procedural language object type.

postgresql_loadable_module(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL loadable shared library module

Parameters

Parameter:	Description:
type	Type marked as a database object type.

postgresql_manage_db(
	
		domain
		
	)

Summary

Allow the specified domain to manage postgresql's database.

Parameters

Parameter:	Description:
domain	Domain allowed access.

postgresql_procedure_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL procedure object type

Parameters

Parameter:	Description:
type	Type marked as a procedure object type.

postgresql_read_config(
	
		domain
		
	)

Summary

Allow the specified domain to read postgresql's etc.

Parameters

Parameter:	Description:
domain	Domain allowed access.

postgresql_schema_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL schema object type

Parameters

Parameter:	Description:
type	Type marked as a schema object type.

postgresql_search_db(
	
		domain
		
	)

Summary

Allow the specified domain to search postgresql's database directory.

Parameters

Parameter:	Description:
domain	Domain allowed access.

postgresql_sequence_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL sequence type

Parameters

Parameter:	Description:
type	Type marked as a sequence type.

postgresql_signal(
	
		domain
		
	)

Summary

Allow domain to signal postgresql

Parameters

Parameter:	Description:
domain	Domain allowed access.

postgresql_stream_connect(
	
		domain
		
	)

Summary

Allow the specified domain to connect to postgresql with a unix socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

postgresql_system_table_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL system table/column/tuple object type

Parameters

Parameter:	Description:
type	Type marked as a table/column/tuple object type.

postgresql_table_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL table/column/tuple object type

Parameters

Parameter:	Description:
type	Type marked as a table/column/tuple object type.

postgresql_tcp_connect(
	
		domain
		
	)

Summary

Allow the specified domain to connect to postgresql with a tcp socket.

Parameters

Parameter:	Description:
domain	Domain allowed access.

postgresql_trusted_procedure_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL trusted procedure object type

Parameters

Parameter:	Description:
type	Type marked as a trusted procedure object type.

postgresql_unconfined(
	
		domain
		
	)

Summary

Allow the specified domain unconfined accesses to any database objects managed by SE-PostgreSQL,

Parameters

Parameter:	Description:
domain	Domain allowed access.

postgresql_unpriv_client(
	
		domain
		
	)

Summary

Allow the specified domain unprivileged accesses to unifined database objects managed by SE-PostgreSQL,

Parameters

Parameter:	Description:
domain	Domain allowed access.

postgresql_view_object(
	
		type
		
	)

Summary

Marks as a SE-PostgreSQL view object type

Parameters

Parameter:	Description:
type	Type marked as a view object type.

Return

Templates:

postgresql_role(
	
		role_prefix
		
			,
		
		user_domain
		
			,
		
		user_exec_domain
		
			,
		
		role
		
	)

Summary

Role access for SE-PostgreSQL.

Parameters

Parameter:	Description:
role_prefix	The prefix of the user role (e.g., user is the prefix for user_r).
user_domain	User domain for the role.
user_exec_domain	User exec domain for execute and transition access.
role	Role allowed access

Return