database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-02 11:44:50 +03:00
Code
postgres/contrib/sepgsql/sql/ddl.sql
Joe Conway e90a629e12 Fix sepgsql regression tests (9.2-only patch). 
The regression tests for sepgsql were broken by changes in the
base distro as-shipped policies. Specifically, definition of
unconfined_t in the system default policy was changed to bypass
multi-category rules, which the regression test depended on.
Fix that by defining a custom privileged domain
(sepgsql_regtest_superuser_t) and using it instead of system's
unconfined_t domain. The new sepgsql_regtest_superuser_t domain
performs almost like the current unconfined_t, but restricted by
multi-category policy as the traditional unconfined_t was.

The custom policy module is a self defined domain, and so should not
be affected by related future system policy changes. However, it still
uses the unconfined_u:unconfined_r pair for selinux-user and role.
Those definitions have not been changed for several years and seem
less risky to rely on than the unconfined_t domain. Additionally, if
we define custom user/role, they would need to be manually defined
at the operating system level, adding more complexity to an already
non-standard and complex regression test.

Applies only to 9.2. Unlike the previous similar patch, commit 794e2558b,
this also fixes a bug related to processing SELECT INTO statement.
Because v9.2 didn't have ObjectAccessPostCreate to inform the context
when a relation is newly created, sepgsql had an alternative method.
However, related code in sepgsql_object_access() neglected to consider
T_CreateTableAsStmt, thus no label was assigned on the new relation.
This logic was removed and replaced starting in 9.3.

Patch by Kohei KaiGai.
2015-09-22 14:58:38 -07:00

82 lines
2.1 KiB
PL/PgSQL
Raw Blame History

--
-- Regression Test for DDL of Object Permission Checks
--
-- confirm required permissions using audit messages
-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0
SET sepgsql.debug_audit = true;
SET client_min_messages = LOG;
--
-- CREATE Permission checks
--
CREATE DATABASE regtest_sepgsql_test_database;
CREATE USER regtest_sepgsql_test_user;
CREATE SCHEMA regtest_schema;
GRANT ALL ON SCHEMA regtest_schema TO regtest_sepgsql_test_user;
SET search_path = regtest_schema, public;
CREATE TABLE regtest_table (x serial primary key, y text);
ALTER TABLE regtest_table ADD COLUMN z int;
CREATE TABLE regtest_table_2 (a int) WITH OIDS;
-- corresponding toast table should not have label and permission checks
ALTER TABLE regtest_table_2 ADD COLUMN b text;
-- VACUUM FULL internally create a new table and swap them later.
VACUUM FULL regtest_table;
CREATE VIEW regtest_view AS SELECT * FROM regtest_table WHERE x < 100;
CREATE SEQUENCE regtest_seq;
CREATE TYPE regtest_comptype AS (a int, b text);
CREATE FUNCTION regtest_func(text,int[]) RETURNS bool LANGUAGE plpgsql
AS 'BEGIN RAISE NOTICE ''regtest_func => %'', $1; RETURN true; END';
CREATE AGGREGATE regtest_agg (
sfunc1 = int4pl, basetype = int4, stype1 = int4, initcond1 = '0'
);
-- CREATE objects owned by others
SET SESSION AUTHORIZATION regtest_sepgsql_test_user;
SET search_path = regtest_schema, public;
CREATE TABLE regtest_table_3 (x int, y serial);
CREATE VIEW regtest_view_2 AS SELECT * FROM regtest_table_3 WHERE x < y;
CREATE FUNCTION regtest_func_2(int) RETURNS bool LANGUAGE plpgsql
AS 'BEGIN RETURN $1 * $1 < 100; END';
RESET SESSION AUTHORIZATION;
--
-- DROP Permission checks (with clean-up)
--
DROP FUNCTION regtest_func(text,int[]);
DROP AGGREGATE regtest_agg(int);
DROP SEQUENCE regtest_seq;
DROP VIEW regtest_view;
ALTER TABLE regtest_table DROP COLUMN y;
ALTER TABLE regtest_table_2 SET WITHOUT OIDS;
DROP TABLE regtest_table;
DROP OWNED BY regtest_sepgsql_test_user;
DROP DATABASE regtest_sepgsql_test_database;
DROP USER regtest_sepgsql_test_user;
DROP SCHEMA IF EXISTS regtest_schema CASCADE;
View Git Blame Copy Permalink