1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
|
--
-- Regression Test for DML Permissions
--
--
-- Setup
--
CREATE TABLE t1 (a int, junk int, b text);
SECURITY LABEL ON TABLE t1 IS 'system_u:object_r:sepgsql_table_t:s0';
ALTER TABLE t1 DROP COLUMN junk;
INSERT INTO t1 VALUES (1, 'aaa'), (2, 'bbb'), (3, 'ccc');
CREATE TABLE t2 (x int, y text);
SECURITY LABEL ON TABLE t2 IS 'system_u:object_r:sepgsql_ro_table_t:s0';
INSERT INTO t2 VALUES (1, 'xxx'), (2, 'yyy'), (3, 'zzz');
CREATE TABLE t3 (s int, t text);
SECURITY LABEL ON TABLE t3 IS 'system_u:object_r:sepgsql_fixed_table_t:s0';
INSERT INTO t3 VALUES (1, 'sss'), (2, 'ttt'), (3, 'uuu');
CREATE TABLE t4 (m int, junk int, n text);
SECURITY LABEL ON TABLE t4 IS 'system_u:object_r:sepgsql_secret_table_t:s0';
ALTER TABLE t4 DROP COLUMN junk;
INSERT INTO t4 VALUES (1, 'mmm'), (2, 'nnn'), (3, 'ooo');
CREATE TABLE t5 (e text, f text, g text);
SECURITY LABEL ON TABLE t5 IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t5.e IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t5.f IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t5.g IS 'system_u:object_r:sepgsql_secret_table_t:s0';
---
-- partitioned table parent
CREATE TABLE t1p (o int, p text, q text) PARTITION BY RANGE (o);
SECURITY LABEL ON TABLE t1p IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
-- partitioned table children
CREATE TABLE t1p_ones PARTITION OF t1p FOR VALUES FROM ('0') TO ('10');
SECURITY LABEL ON COLUMN t1p_ones.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p_ones.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p_ones.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
CREATE TABLE t1p_tens PARTITION OF t1p FOR VALUES FROM ('10') TO ('100');
SECURITY LABEL ON COLUMN t1p_tens.o IS 'system_u:object_r:sepgsql_table_t:s0';
SECURITY LABEL ON COLUMN t1p_tens.p IS 'system_u:object_r:sepgsql_ro_table_t:s0';
SECURITY LABEL ON COLUMN t1p_tens.q IS 'system_u:object_r:sepgsql_secret_table_t:s0';
---
CREATE TABLE customer (cid int primary key, cname text, ccredit text);
SECURITY LABEL ON COLUMN customer.ccredit IS 'system_u:object_r:sepgsql_secret_table_t:s0';
INSERT INTO customer VALUES (1, 'Taro', '1111-2222-3333-4444'),
(2, 'Hanako', '5555-6666-7777-8888');
CREATE FUNCTION customer_credit(int) RETURNS text
AS 'SELECT regexp_replace(ccredit, ''-[0-9]+$'', ''-????'') FROM customer WHERE cid = $1'
LANGUAGE sql;
SECURITY LABEL ON FUNCTION customer_credit(int)
IS 'system_u:object_r:sepgsql_trusted_proc_exec_t:s0';
SELECT objtype, objname, label FROM pg_seclabels
WHERE provider = 'selinux'
AND objtype in ('table', 'column')
AND objname in ('t1', 't2', 't3', 't4',
't5', 't5.e', 't5.f', 't5.g',
't1p', 't1p.o', 't1p.p', 't1p.q',
't1p_ones', 't1p_ones.o', 't1p_ones.p', 't1p_ones.q',
't1p_tens', 't1p_tens.o', 't1p_tens.p', 't1p_tens.q')
ORDER BY objname COLLATE "C";
objtype | objname | label
---------+------------+---------------------------------------------
table | t1 | system_u:object_r:sepgsql_table_t:s0
table | t1p | system_u:object_r:sepgsql_table_t:s0
column | t1p.o | system_u:object_r:sepgsql_table_t:s0
column | t1p.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p.q | system_u:object_r:sepgsql_secret_table_t:s0
table | t1p_ones | unconfined_u:object_r:sepgsql_table_t:s0
column | t1p_ones.o | system_u:object_r:sepgsql_table_t:s0
column | t1p_ones.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p_ones.q | system_u:object_r:sepgsql_secret_table_t:s0
table | t1p_tens | unconfined_u:object_r:sepgsql_table_t:s0
column | t1p_tens.o | system_u:object_r:sepgsql_table_t:s0
column | t1p_tens.p | system_u:object_r:sepgsql_ro_table_t:s0
column | t1p_tens.q | system_u:object_r:sepgsql_secret_table_t:s0
table | t2 | system_u:object_r:sepgsql_ro_table_t:s0
table | t3 | system_u:object_r:sepgsql_fixed_table_t:s0
table | t4 | system_u:object_r:sepgsql_secret_table_t:s0
table | t5 | system_u:object_r:sepgsql_table_t:s0
column | t5.e | system_u:object_r:sepgsql_table_t:s0
column | t5.f | system_u:object_r:sepgsql_ro_table_t:s0
column | t5.g | system_u:object_r:sepgsql_secret_table_t:s0
(20 rows)
CREATE SCHEMA my_schema_1;
CREATE TABLE my_schema_1.ts1 (a int, b text);
CREATE TABLE my_schema_1.pts1 (o int, p text) PARTITION BY RANGE (o);
CREATE TABLE my_schema_1.pts1_ones PARTITION OF my_schema_1.pts1 FOR VALUES FROM ('0') to ('10');
CREATE SCHEMA my_schema_2;
CREATE TABLE my_schema_2.ts2 (x int, y text);
CREATE TABLE my_schema_2.pts2 (o int, p text) PARTITION BY RANGE (o);
CREATE TABLE my_schema_2.pts2_tens PARTITION OF my_schema_2.pts2 FOR VALUES FROM ('10') to ('100');
SECURITY LABEL ON SCHEMA my_schema_2
IS 'system_u:object_r:sepgsql_regtest_invisible_schema_t:s0';
-- Hardwired Rules
UPDATE pg_attribute SET attisdropped = true
WHERE attrelid = 't5'::regclass AND attname = 'f'; -- failed
ERROR: SELinux: hardwired security policy violation
--
-- Simple DML statements
--
SELECT sepgsql_getcon(); -- confirm client privilege
sepgsql_getcon
-----------------------------------------------------
unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0
(1 row)
SELECT * FROM t1; -- ok
a | b
---+-----
1 | aaa
2 | bbb
3 | ccc
(3 rows)
SELECT * FROM t2; -- ok
x | y
---+-----
1 | xxx
2 | yyy
3 | zzz
(3 rows)
SELECT * FROM t3; -- ok
s | t
---+-----
1 | sss
2 | ttt
3 | uuu
(3 rows)
SELECT * FROM t4; -- failed
ERROR: SELinux: security policy violation
SELECT * FROM t5; -- failed
ERROR: SELinux: security policy violation
SELECT e,f FROM t5; -- ok
e | f
---+---
(0 rows)
SELECT (t1.*)::record FROM t1; -- ok
t1
---------
(1,aaa)
(2,bbb)
(3,ccc)
(3 rows)
SELECT (t4.*)::record FROM t4; -- failed
ERROR: SELinux: security policy violation
---
-- partitioned table parent
SELECT * FROM t1p; -- failed
ERROR: SELinux: security policy violation
SELECT o,p FROM t1p; -- ok
o | p
---+---
(0 rows)
--partitioned table children
SELECT * FROM t1p_ones; -- failed
ERROR: SELinux: security policy violation
SELECT o FROM t1p_ones; -- ok
o
---
(0 rows)
SELECT o,p FROM t1p_ones; -- ok
o | p
---+---
(0 rows)
SELECT * FROM t1p_tens; -- failed
ERROR: SELinux: security policy violation
SELECT o FROM t1p_tens; -- ok
o
---
(0 rows)
SELECT o,p FROM t1p_tens; -- ok
o | p
---+---
(0 rows)
---
SELECT * FROM customer; -- failed
ERROR: SELinux: security policy violation
SELECT cid, cname, customer_credit(cid) FROM customer; -- ok
cid | cname | customer_credit
-----+--------+---------------------
1 | Taro | 1111-2222-3333-????
2 | Hanako | 5555-6666-7777-????
(2 rows)
SELECT count(*) FROM t5; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t5 WHERE g IS NULL; -- failed
ERROR: SELinux: security policy violation
---
-- partitioned table parent
SELECT count(*) FROM t1p; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
SELECT count(*) FROM t1p_ones; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p_ones WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
SELECT count(*) FROM t1p_tens; -- ok
count
-------
0
(1 row)
SELECT count(*) FROM t1p_tens WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
---
INSERT INTO t1 VALUES (4, 'abc'); -- ok
INSERT INTO t2 VALUES (4, 'xyz'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t3 VALUES (4, 'stu'); -- ok
INSERT INTO t4 VALUES (4, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 VALUES (1,2,3); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 (e,f) VALUES ('abc', 'def'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t5 (e) VALUES ('abc'); -- ok
---
-- partitioned table parent
INSERT INTO t1p (o,p) VALUES (9, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p (o) VALUES (9); -- ok
INSERT INTO t1p (o,p) VALUES (99, 'pqr'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p (o) VALUES (99); -- ok
-- partitioned table children
INSERT INTO t1p_ones (o,p) VALUES (9, 'mno'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p_ones (o) VALUES (9); -- ok
INSERT INTO t1p_tens (o,p) VALUES (99, 'pqr'); -- failed
ERROR: SELinux: security policy violation
INSERT INTO t1p_tens (o) VALUES (99); -- ok
---
UPDATE t1 SET b = b || '_upd'; -- ok
UPDATE t2 SET y = y || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t3 SET t = t || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t4 SET n = n || '_upd'; -- failed
ERROR: SELinux: security policy violation
UPDATE t5 SET e = 'xyz'; -- ok
UPDATE t5 SET e = f || '_upd'; -- ok
UPDATE t5 SET e = g || '_upd'; -- failed
ERROR: SELinux: security policy violation
---
-- partitioned table parent
UPDATE t1p SET o = 9 WHERE o < 10; -- ok
UPDATE t1p SET o = 99 WHERE o >= 10; -- ok
UPDATE t1p SET o = ascii(COALESCE(p,'upd'))%10 WHERE o < 10; -- ok
UPDATE t1p SET o = ascii(COALESCE(q,'upd'))%100 WHERE o >= 10; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
UPDATE t1p_ones SET o = 9; -- ok
UPDATE t1p_ones SET o = ascii(COALESCE(p,'upd'))%10; -- ok
UPDATE t1p_ones SET o = ascii(COALESCE(q,'upd'))%10; -- failed
ERROR: SELinux: security policy violation
UPDATE t1p_tens SET o = 99; -- ok
UPDATE t1p_tens SET o = ascii(COALESCE(p,'upd'))%100; -- ok
UPDATE t1p_tens SET o = ascii(COALESCE(q,'upd'))%100; -- failed
ERROR: SELinux: security policy violation
---
DELETE FROM t1; -- ok
DELETE FROM t2; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t3; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t4; -- failed
ERROR: SELinux: security policy violation
DELETE FROM t5; -- ok
DELETE FROM t5 WHERE f IS NULL; -- ok
DELETE FROM t5 WHERE g IS NULL; -- failed
ERROR: SELinux: security policy violation
---
-- partitioned table parent
DELETE FROM t1p; -- ok
DELETE FROM t1p WHERE p IS NULL; -- ok
DELETE FROM t1p WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
-- partitioned table children
DELETE FROM t1p_ones WHERE p IS NULL; -- ok
DELETE FROM t1p_ones WHERE q IS NULL; -- failed;
ERROR: SELinux: security policy violation
DELETE FROM t1p_tens WHERE p IS NULL; -- ok
DELETE FROM t1p_tens WHERE q IS NULL; -- failed
ERROR: SELinux: security policy violation
---
--
-- COPY TO/FROM statements
--
COPY t1 TO '/dev/null'; -- ok
COPY t2 TO '/dev/null'; -- ok
COPY t3 TO '/dev/null'; -- ok
COPY t4 TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5(e,f) TO '/dev/null'; -- ok
---
-- partitioned table parent
COPY (SELECT * FROM t1p) TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY (SELECT (o,p) FROM t1p) TO '/dev/null'; -- ok
-- partitioned table children
COPY t1p_ones TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_ones(o,p) TO '/dev/null'; -- ok
COPY t1p_tens TO '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_tens(o,p) TO '/dev/null'; -- ok
---
COPY t1 FROM '/dev/null'; -- ok
COPY t2 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t3 FROM '/dev/null'; -- ok
COPY t4 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 (e,f) FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t5 (e) FROM '/dev/null'; -- ok
---
-- partitioned table parent
COPY t1p FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p (o) FROM '/dev/null'; -- ok
-- partitioned table children
COPY t1p_ones FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_ones (o) FROM '/dev/null'; -- ok
COPY t1p_tens FROM '/dev/null'; -- failed
ERROR: SELinux: security policy violation
COPY t1p_tens (o) FROM '/dev/null'; -- ok
---
--
-- Schema search path
--
SET search_path = my_schema_1, my_schema_2, public;
SELECT * FROM ts1; -- ok
a | b
---+---
(0 rows)
SELECT * FROM ts2; -- failed (relation not found)
ERROR: relation "ts2" does not exist
LINE 1: SELECT * FROM ts2;
^
SELECT * FROM my_schema_2.ts2; -- failed (policy violation)
ERROR: SELinux: security policy violation
LINE 1: SELECT * FROM my_schema_2.ts2;
^
--
-- Clean up
--
SELECT sepgsql_getcon(); -- confirm client privilege
sepgsql_getcon
---------------------------------------------------------------------
unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0-s0:c0.c255
(1 row)
DROP TABLE IF EXISTS t1 CASCADE;
DROP TABLE IF EXISTS t2 CASCADE;
DROP TABLE IF EXISTS t3 CASCADE;
DROP TABLE IF EXISTS t4 CASCADE;
DROP TABLE IF EXISTS t5 CASCADE;
DROP TABLE IF EXISTS t1p CASCADE;
DROP TABLE IF EXISTS customer CASCADE;
DROP SCHEMA IF EXISTS my_schema_1 CASCADE;
NOTICE: drop cascades to 2 other objects
DETAIL: drop cascades to table my_schema_1.ts1
drop cascades to table my_schema_1.pts1
DROP SCHEMA IF EXISTS my_schema_2 CASCADE;
NOTICE: drop cascades to 2 other objects
DETAIL: drop cascades to table my_schema_2.ts2
drop cascades to table my_schema_2.pts2
|