<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> - <a href='services_postgresql.html'> postgresql</a><br/> - <a href='services_ssh.html'> ssh</a><br/> - <a href='services_xserver.html'> xserver</a><br/> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: services</h1><p/> <h2>Module: postgresql</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>PostgreSQL relational database</p></p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_postgresql_can_rsync"></a> <div id="interface"> <div id="codeblock">postgresql_can_rsync</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow postgresql to use ssh and rsync for point-in-time recovery </p><p> </p> </div></div> <a name="link_postgresql_selinux_transmit_client_label"></a> <div id="interface"> <div id="codeblock">postgresql_selinux_transmit_client_label</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow transmit client label to foreign database </p><p> </p> </div></div> <a name="link_postgresql_selinux_unconfined_dbadm"></a> <div id="interface"> <div id="codeblock">postgresql_selinux_unconfined_dbadm</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow database admins to execute DML statement </p><p> </p> </div></div> <a name="link_postgresql_selinux_users_ddl"></a> <div id="interface"> <div id="codeblock">postgresql_selinux_users_ddl</div> <div id="description"> <h5>Default value</h5> <p>true</p> <h5>Description</h5> <p> </p><p> Allow unprivileged users to execute DDL statement </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_postgresql_admin"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_admin</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> All of the rules required to administrate an postgresql environment </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> The role to be allowed to manage the postgresql domain. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_blob_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_blob_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL binary large object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a database binary large object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_database_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_database_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL database object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a database object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_domtrans"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_domtrans</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute postgresql in the postgresql domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_exec"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_exec</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute Postgresql in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_filetrans_named_content"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_filetrans_named_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Transition to postgresql named content </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_language_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_language_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL procedural language object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a procedural language object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_loadable_module"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_loadable_module</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL loadable shared library module </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a database object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_manage_db"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_manage_db</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the specified domain to manage postgresql's database. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_procedure_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_procedure_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL procedure object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a procedure object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_read_config"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_read_config</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the specified domain to read postgresql's etc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_role"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_role</b>( user_role , user_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Role access for SE-PostgreSQL. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> user_role </td><td> <p> The role associated with the user domain. </p> </td></tr> <tr><td> user_domain </td><td> <p> The type of the user domain. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_run"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_run</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the postgresql program in the postgresql domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the postgresql domain. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_schema_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_schema_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL schema object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a schema object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_search_db"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_search_db</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the specified domain to search postgresql's database directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_sequence_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_sequence_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL sequence type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a sequence type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_signal"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_signal</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow domain to signal postgresql </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_stream_connect"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_stream_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the specified domain to connect to postgresql with a unix socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_system_table_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_system_table_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL system table/column/tuple object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a table/column/tuple object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_table_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_table_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL table/column/tuple object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a table/column/tuple object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_tcp_connect"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_tcp_connect</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the specified domain to connect to postgresql with a tcp socket. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_trusted_procedure_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_trusted_procedure_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL trusted procedure object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a trusted procedure object type. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_unconfined"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_unconfined</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the specified domain unconfined accesses to any database objects managed by SE-PostgreSQL, </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_unpriv_client"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_unpriv_client</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Allow the specified domain unprivileged accesses to unifined database objects managed by SE-PostgreSQL, </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_postgresql_view_object"></a> <div id="interface"> <div id="codeblock"> <b>postgresql_view_object</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Marks as a SE-PostgreSQL view object type </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type marked as a view object type. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>