contrib/sepgsql/expected/misc.out


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

--
-- Regression Test for Misc Permission Checks
--
LOAD '$libdir/sepgsql';		-- failed
ERROR:  SELinux: LOAD is not permitted
--
-- Permissions to execute functions
--
CREATE TABLE t1 (x int, y text);
INSERT INTO t1 (SELECT x, md5(x::text) FROM generate_series(1,100) x);
SET sepgsql.debug_audit = on;
SET client_min_messages = log;
-- regular function and operators
SELECT * FROM t1 WHERE x > 50 AND y like '%64%';
LOG:  SELinux: allowed { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="public.t1"
LOG:  SELinux: allowed { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table t1 column x"
LOG:  SELinux: allowed { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table t1 column y"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.int4gt(integer,integer)"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.textlike(pg_catalog.text,pg_catalog.text)"
  x  |                y                 
-----+----------------------------------
  77 | 28dd2c7955ce926456240b2ff0100bde
  89 | 7647966b7343c29048673252e490f736
  90 | 8613985ec49eb8f757ae6439e879bb2a
  91 | 54229abfcfa5649e7003b83dd4755294
  99 | ac627ab1ccbdb62ec96e702f07f6425b
 100 | f899139df5e1059396431415e770c6dd
(6 rows)

-- aggregate function
SELECT MIN(x), AVG(x) FROM t1;
LOG:  SELinux: allowed { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="public.t1"
LOG:  SELinux: allowed { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table t1 column x"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.avg(integer)"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.int4_avg_accum(bigint[],integer)"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.int8_avg(bigint[])"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.min(integer)"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.int4smaller(integer,integer)"
 min |         avg         
-----+---------------------
   1 | 50.5000000000000000
(1 row)

-- window function
SELECT row_number() OVER (order by x), * FROM t1 WHERE y like '%86%';
LOG:  SELinux: allowed { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_table name="public.t1"
LOG:  SELinux: allowed { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table t1 column x"
LOG:  SELinux: allowed { select } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:sepgsql_table_t:s0 tclass=db_column name="table t1 column y"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.row_number()"
LOG:  SELinux: allowed { execute } scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:sepgsql_proc_exec_t:s0 tclass=db_procedure name="pg_catalog.textlike(pg_catalog.text,pg_catalog.text)"
 row_number | x  |                y                 
------------+----+----------------------------------
          1 |  2 | c81e728d9d4c2f636f067f89cc14862c
          2 | 17 | 70efdf2ec9b086079795c442636b55fb
          3 | 22 | b6d767d2f8ed5d21a44b0e5886680cb9
          4 | 27 | 02e74f10e0327ad868d138f2b4fdd6f0
          5 | 33 | 182be0c5cdcd5072bb1864cdee4d3d6e
          6 | 43 | 17e62166fc8586dfa4d1bc0e1742c08b
          7 | 54 | a684eceee76fc522773286a895bc8436
          8 | 73 | d2ddea18f00665ce8623e36bd4e3c7c5
          9 | 76 | fbd7939d674997cdb4692d34de8633c4
         10 | 89 | 7647966b7343c29048673252e490f736
         11 | 90 | 8613985ec49eb8f757ae6439e879bb2a
         12 | 94 | f4b9ec30ad9f68f89b29639786cb62ef
(12 rows)

RESET sepgsql.debug_audit;
RESET client_min_messages;
--
-- Cleanup
--
DROP TABLE IF EXISTS t1 CASCADE;