File: //usr/share/doc/selinux-policy/html/services_postgresql.html
<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id="Content">
<a name="top"></a>
<h1>Layer: services</h1><p/>
<h2>Module: postgresql</h2><p/>
<a href=#tunables>Tunables</a>
<a href=#interfaces>Interfaces</a>
<h3>Description:</h3>
<p>PostgreSQL relational database</p>
<hr>
<a name="tunables"></a>
<h3>Tunables: </h3>
<a name="link_postgresql_can_rsync"></a>
<div id="interface">
<div id="codeblock">postgresql_can_rsync</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p>
</p><p>
Allow postgresql to use ssh and rsync for point-in-time recovery
</p><p>
</p>
</div></div>
<a name="link_postgresql_selinux_transmit_client_label"></a>
<div id="interface">
<div id="codeblock">postgresql_selinux_transmit_client_label</div>
<div id="description">
<h5>Default value</h5>
<p>false</p>
<h5>Description</h5>
<p>
</p><p>
Allow transmitting the client label to a foreign database
</p><p>
</p>
</div></div>
<a name="link_postgresql_selinux_unconfined_dbadm"></a>
<div id="interface">
<div id="codeblock">postgresql_selinux_unconfined_dbadm</div>
<div id="description">
<h5>Default value</h5>
<p>true</p>
<h5>Description</h5>
<p>
</p><p>
Allow database admins to execute DML (data manipulation language) statements, such as INSERT, UPDATE and DELETE
</p><p>
</p>
</div></div>
<a name="link_postgresql_selinux_users_ddl"></a>
<div id="interface">
<div id="codeblock">postgresql_selinux_users_ddl</div>
<div id="description">
<h5>Default value</h5>
<p>true</p>
<h5>Description</h5>
<p>
</p><p>
Allow unprivileged users to execute DDL (data definition language) statements, such as CREATE, ALTER and DROP
</p><p>
</p>
</div></div>
<a href=#top>Return</a>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_postgresql_admin"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_admin</b>(
domain
,
role
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
All of the rules required to administrate a postgresql environment
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
<tr><td>
role
</td><td>
<p>
The role to be allowed to manage the postgresql domain.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_blob_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_blob_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL binary large object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a database binary large object type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_database_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_database_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL database object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a database object type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_domtrans"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_domtrans</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute postgresql in the postgresql domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed to transition.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_exec"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_exec</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute Postgresql in the caller domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_filetrans_named_content"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_filetrans_named_content</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Transition to postgresql named content
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_language_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_language_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL procedural language object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a procedural language object type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_loadable_module"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_loadable_module</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL loadable shared library module.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a loadable shared library module type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_manage_db"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_manage_db</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow the specified domain to manage postgresql's database.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_procedure_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_procedure_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL procedure object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a procedure object type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_read_config"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_read_config</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow the specified domain to read postgresql's configuration (etc) files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_role"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_role</b>(
user_role
,
user_domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Role access for SE-PostgreSQL.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
user_role
</td><td>
<p>
The role associated with the user domain.
</p>
</td></tr>
<tr><td>
user_domain
</td><td>
<p>
The type of the user domain.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_run"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_run</b>(
domain
,
role
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the postgresql program in the postgresql domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed to transition.
</p>
</td></tr>
<tr><td>
role
</td><td>
<p>
The role to be allowed the postgresql domain.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_schema_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_schema_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL schema object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a schema object type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_search_db"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_search_db</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow the specified domain to search postgresql's database directory.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_sequence_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_sequence_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL sequence type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a sequence type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_signal"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_signal</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow the specified domain to send signals to postgresql.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_signull"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_signull</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow the specified domain to send a null signal (signull) to postgresql, which only tests whether the process exists.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_stream_connect"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_stream_connect</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow the specified domain to connect to postgresql with a unix socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_system_table_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_system_table_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL system table/column/tuple object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a table/column/tuple object type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_table_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_table_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL table/column/tuple object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a table/column/tuple object type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_tcp_connect"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_tcp_connect</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Allow the specified domain to connect to postgresql with a tcp socket.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_trusted_procedure_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_trusted_procedure_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL trusted procedure object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a trusted procedure object type.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_unconfined"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_unconfined</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
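Allow the specified domain unconfined access to any database object
managed by SE-PostgreSQL. The domain is then not restricted by SE-PostgreSQL
object labels, so grant this only to fully trusted administrative domains.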
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_unpriv_client"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_unpriv_client</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
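Allow the specified domain unprivileged access to unifined database objects
managed by SE-PostgreSQL.
<!-- NOTE(review): "unifined" is kept from the source; the intended word is unclear (possibly "unconfined" or "undefined") - confirm against the policy interface file. -->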
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td></tr>
</table>
</div>
</div>
<a name="link_postgresql_view_object"></a>
<div id="interface">
<div id="codeblock">
<b>postgresql_view_object</b>(
type
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Marks the given type as an SE-PostgreSQL view object type.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="65%">
<tr><th >Parameter:</th><th >Description:</th></tr>
<tr><td>
type
</td><td>
<p>
Type marked as a view object type.
</p>
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>