794e2558be
The regression tests for sepgsql were broken by changes in the base distro as-shipped policies. Specifically, the definition of unconfined_t in the system default policy was changed to bypass multi-category rules, which the regression test depended on. Fix that by defining a custom privileged domain (sepgsql_regtest_superuser_t) and using it instead of system's unconfined_t domain. The new sepgsql_regtest_superuser_t domain performs almost like the current unconfined_t, but is restricted by multi-category policy as the traditional unconfined_t was. The custom policy module is a self-defined domain, and so should not be affected by related future system policy changes. However, it still uses the unconfined_u:unconfined_r pair for selinux-user and role. Those definitions have not been changed for several years and seem less risky to rely on than the unconfined_t domain. Additionally, if we define custom user/role, they would need to be manually defined at the operating system level, adding more complexity to an already non-standard and complex regression test. Back-patch to 9.3. The regression tests will need more work before working correctly on 9.2. Starting with 9.2, sepgsql has had dependencies on libselinux versions that are only available on newer distros with the changed set of policies (e.g. RHEL 7.x). On 9.1 sepgsql works fine with the older distros with original policy set (e.g. RHEL 6.x), on which the existing regression tests work fine. We might eventually want to change 9.1 sepgsql regression tests to be more independent from the underlying OS policies, however more work will be needed to make that happen and it is not clear that it is worth the effort. Kohei KaiGai with review by Adam Brightwell and me, commentary by Stephen, Alvaro, Tom, Robert, and others.
--
-- Regression Test for DDL of Object Permission Checks
--

-- clean-up in case a prior regression run failed
-- Messages below WARNING are suppressed for the duration of the clean-up so
-- that the "does not exist, skipping" notices from DROP ... IF EXISTS do not
-- end up in the test output.
-- NOTE(review): only the database and the role are cleaned up here.  If an
-- earlier run stopped after regtest_schema or objects owned by
-- regtest_sepgsql_test_user were created, DROP USER can fail on the dependent
-- objects and the later CREATE SCHEMA can fail on the existing schema --
-- confirm how the harness prepares the database before relying on a re-run.
SET client_min_messages TO 'warning';
DROP DATABASE IF EXISTS regtest_sepgsql_test_database;
DROP USER IF EXISTS regtest_sepgsql_test_user;
RESET client_min_messages;

-- confirm required permissions using audit messages
-- NOTE(review): the line after this note is a plain comment to SQL, but it is
-- presumably read by the sepgsql test launcher to choose the SELinux context
-- the client runs under -- keep it byte-for-byte and keep it on its own line.
-- Per the accompanying commit message, sepgsql_regtest_superuser_t is the test
-- policy's own privileged domain, still subject to multi-category rules.
-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0
-- debug_audit asks sepgsql to print audit messages for the checks it makes;
-- client_min_messages is lowered to LOG so those messages reach the client
-- and therefore the captured test output (assumes audit lines are emitted at
-- LOG level -- confirm).
SET sepgsql.debug_audit = true;
SET client_min_messages = LOG;

--
-- CREATE Permission checks
--
-- Each statement in this section creates one kind of object, so that the
-- permission checks it triggers can be read from the audit messages.
CREATE DATABASE regtest_sepgsql_test_database;

-- CREATE USER makes a login-capable role with no password; it is used further
-- down via SET SESSION AUTHORIZATION and dropped at the end of the script.
CREATE USER regtest_sepgsql_test_user;

CREATE SCHEMA regtest_schema;

-- Ordinary (DAC) privilege grant, needed so the test user can create objects
-- in regtest_schema later on.
GRANT ALL ON SCHEMA regtest_schema TO regtest_sepgsql_test_user;

-- regtest_schema comes first, so the unqualified names below are created there
SET search_path = regtest_schema, public;

-- serial and primary key make PostgreSQL create a sequence and an index
-- implicitly alongside the table
CREATE TABLE regtest_table (x serial primary key, y text);

-- column-level creation on an existing table
ALTER TABLE regtest_table ADD COLUMN z int;

CREATE TABLE regtest_table_2 (a int) WITH OIDS;

-- corresponding toast table should not have label and permission checks
ALTER TABLE regtest_table_2 ADD COLUMN b text;

-- VACUUM FULL internally creates a new table and swaps the two later.
-- NOTE(review): presumably here to show that this internal table does not
-- produce permission checks of its own -- confirm against the expected output.
VACUUM FULL regtest_table;

CREATE VIEW regtest_view AS SELECT * FROM regtest_table WHERE x < 100;

CREATE SEQUENCE regtest_seq;

CREATE TYPE regtest_comptype AS (a int, b text);

CREATE FUNCTION regtest_func(text,int[]) RETURNS bool LANGUAGE plpgsql
           AS 'BEGIN RAISE NOTICE ''regtest_func => %'', $1; RETURN true; END';

-- old-style aggregate definition (sfunc1/basetype/stype1/initcond1 spelling)
CREATE AGGREGATE regtest_agg (
           sfunc1 = int4pl, basetype = int4, stype1 = int4, initcond1 = '0'
);

-- CREATE objects owned by others
-- Everything between SET and RESET SESSION AUTHORIZATION is created by, and
-- owned by, regtest_sepgsql_test_user.
-- NOTE(review): SET SESSION AUTHORIZATION changes only the database role.
-- sepgsql takes the subject label from the client's SELinux context, so the
-- checks in this section are presumably still evaluated for the same domain as
-- the rest of the script -- confirm against the expected output.
SET SESSION AUTHORIZATION regtest_sepgsql_test_user;

-- same search_path as before, so the objects land in regtest_schema
SET search_path = regtest_schema, public;

CREATE TABLE regtest_table_3 (x int, y serial);

CREATE VIEW regtest_view_2 AS SELECT * FROM regtest_table_3 WHERE x < y;

CREATE FUNCTION regtest_func_2(int) RETURNS bool LANGUAGE plpgsql
           AS 'BEGIN RETURN $1 * $1 < 100; END';

-- back to the original session user for the rest of the script
RESET SESSION AUTHORIZATION;

--
-- ALTER and CREATE/DROP extra attribute permissions
--
-- Self-contained section: regtest_table_4 is created, altered and dropped here.
CREATE TABLE regtest_table_4 (x int primary key, y int, z int);
CREATE INDEX regtest_index_tbl4_y ON regtest_table_4(y);
CREATE INDEX regtest_index_tbl4_z ON regtest_table_4(z);
-- changes the type of a column that regtest_index_tbl4_y is built on
ALTER TABLE regtest_table_4 ALTER COLUMN y TYPE float;
DROP INDEX regtest_index_tbl4_y;
-- adds an exclusion constraint on z, the column regtest_index_tbl4_z covers
ALTER TABLE regtest_table_4
      ADD CONSTRAINT regtest_tbl4_con EXCLUDE USING btree (z WITH =);
-- dropping the table takes its remaining index and constraints with it
DROP TABLE regtest_table_4 CASCADE;

--
-- DROP Permission checks (with clean-up)
--
-- This section doubles as the script's clean-up: each DROP both exercises a
-- permission check and removes an object created above.

DROP FUNCTION regtest_func(text,int[]);
DROP AGGREGATE regtest_agg(int);

DROP SEQUENCE regtest_seq;
DROP VIEW regtest_view;

-- column-level drop, then removal of the OID column added by WITH OIDS
ALTER TABLE regtest_table DROP COLUMN y;
ALTER TABLE regtest_table_2 SET WITHOUT OIDS;

DROP TABLE regtest_table;

-- removes regtest_table_3, regtest_view_2 and regtest_func_2, which were
-- created under SET SESSION AUTHORIZATION; this has to come before DROP USER,
-- because a role that still owns objects cannot be dropped
DROP OWNED BY regtest_sepgsql_test_user;

DROP DATABASE regtest_sepgsql_test_database;
DROP USER regtest_sepgsql_test_user;
-- CASCADE sweeps up what is left in the schema; regtest_table_2 and
-- regtest_comptype are not dropped individually above
DROP SCHEMA IF EXISTS regtest_schema CASCADE;