database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00
Code Activity

Include permissive/enforcing state in sepgsql log messages.

Browse Source 
SELinux itself does this (at least in modern releases), and it
seems like a good idea to reduce confusion.

Dave Page

Discussion: https://postgr.es/m/CA+OCxowsQoLEYc=jN7OtNvOdX0Jg5L7nMYt++=k0X78HGq-sXg@mail.gmail.com
This commit is contained in:
Tom Lane
2022-01-12 14:23:13 -05:00
parent a18b6d2dc2
commit 134d974636
7 changed files with 649 additions and 638 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
contrib/sepgsql/uavc.c
View File

@ -399,6 +399,7 @@ sepgsql_avc_check_perms_label(const char *tcontext,
sepgsql_get_mode() != SEPGSQL_MODE_INTERNAL)
{
sepgsql_audit_log(denied != 0,
(sepgsql_getenforce() && !cache->permissive),
cache->scontext,
cache->tcontext_is_valid ?
cache->tcontext : sepgsql_avc_unlabeled(),