selabel_db(5)                 SELinux API documentation                selabel_db(5)

NAME
       selabel_db - userspace SELinux labeling interface and configuration file format for the RDBMS objects context backend

SYNOPSIS
       #include <selinux/label.h>

       int selabel_lookup(struct selabel_handle *hnd,
                          char **context,
                          const char *object_name, int object_type);

       int selabel_lookup_raw(struct selabel_handle *hnd,
                              char **context,
                              const char *object_name, int object_type);

DESCRIPTION
       The DB contexts backend maps a pair of object name and object class to a security context. It is used to find the appropriate context for database objects when relabeling a database. The returned context must be freed using freecon(3). selabel_lookup(3) describes the function with its return and error codes.

       The object_name should be a fully qualified name using the hierarchy of database objects. For example, the pg_class table in the postgres database and pg_catalog schema should be qualified as:
              postgres.pg_catalog.pg_class

       The NOTES section has further information on database support for namespace hierarchies.

       The object_type argument should be set to one of the following values:

       SELABEL_DB_DATABASE
              The object_name argument specifies the name of a database itself, such as "postgres".

       SELABEL_DB_SCHEMA
              The object_name argument specifies the name of a schema object, such as "postgres.public".

       SELABEL_DB_TABLE
              The object_name argument specifies the name of a table object, such as "postgres.public.my_table".

       SELABEL_DB_COLUMN
              The object_name argument specifies the name of a column object, such as "postgres.public.my_table.user_id".

       SELABEL_DB_TUPLE
              The object_name argument specifies the name of the table object which contains the tuples to be relabeled, such as "postgresql.public.my_table". Note that tuples have no name, so there is no way to identify individual tuple objects except through the WHERE clause of DML statements.

       SELABEL_DB_PROCEDURE
              The object_name argument specifies the name of a procedure object, such as "postgres.public.my_func". Note that lookup of individual security contexts for procedures which have the same name but different arguments is not supported.

       SELABEL_DB_SEQUENCE
              The object_name argument specifies the name of a sequence object, such as "postgres.public.my_seq".

       SELABEL_DB_BLOB
              The object_name argument specifies the name of a large object, such as "postgres.16308". Note that a large object does not have a name, so it is identified by its identifier value.

       SELABEL_DB_VIEW
              The object_name argument specifies the name of a view object, such as "postgres.public.my_view".

       SELABEL_DB_LANGUAGE
              The object_name argument specifies the name of a language object, such as "postgres.public.tcl".

       SELABEL_DB_EXCEPTION
              The object_name argument specifies the name of an exception object.

       SELABEL_DB_DATATYPE
              The object_name argument specifies the name of a type or domain object, such as "postgres.public.my_type".

       Any messages generated by selabel_lookup(3) are sent to stderr by default, although this can be changed by selinux_set_callback(3).

       selabel_lookup_raw(3) behaves identically to selabel_lookup(3) but does not perform context translation.

       The FILES section details the configuration files used to determine the database object context.

OPTIONS
       In addition to the global options described in selabel_open(3), this backend recognizes the following option:

       SELABEL_OPT_PATH
              A non-null value for this option specifies a path to a file that will be opened in lieu of the standard DB contexts file. By default the backend opens the specfile designed for SE-PostgreSQL, so another RDBMS using this interface must supply an explicit specfile designed for that RDBMS (see the FILES section for details).

FILES
       The database context file used to retrieve a context depends on the SELABEL_OPT_PATH parameter passed to selabel_open(3). If NULL, the SELABEL_OPT_PATH value defaults to the active policy database contexts location (as returned by selinux_sepgsql_context_path(3)); otherwise the SELABEL_OPT_PATH value specified is used (this option must be used to support databases other than SE-PostgreSQL).

       The default database object contexts file is:
              /etc/selinux/{SELINUXTYPE}/contexts/sepgsql_context

       Where {SELINUXTYPE} is the SELINUXTYPE entry from the SELinux configuration file config (see selinux_config(5)).

       The entries within the database contexts file are shown in the Object Name String Values and FILE FORMAT sections.

   Object Name String Values
       The string name assigned to each object_type argument that can be present in the database contexts file is:

       ┌─────────────────────┬──────────────┐
       │object_type          │ Text Name    │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_DATABASE  │ db_database  │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_SCHEMA    │ db_schema    │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_VIEW      │ db_view      │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_LANGUAGE  │ db_language  │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_TABLE     │ db_table     │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_COLUMN    │ db_column    │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_TUPLE     │ db_tuple     │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_PROCEDURE │ db_procedure │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_SEQUENCE  │ db_sequence  │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_BLOB      │ db_blob      │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_EXCEPTION │ db_exception │
       ├─────────────────────┼──────────────┤
       │SELABEL_DB_DATATYPE  │ db_datatype  │
       └─────────────────────┴──────────────┘

FILE FORMAT
       Each line within the database contexts file is as follows:
              object_type object_name context

       Where:
              object_type
                     This is the string representation of the object type shown in the Object Name String Values section.

              object_name
                     The key used to obtain the context based on the object_type.

                     The entry can contain '*' for wildcard matching or '?' for substitution.

                     Note that if '*' is used, the order of entries in the file is important. A '*' on its own is used to ensure a default fallback context is assigned and should be the last entry in the object_type block.

              context
                     The security context that will be applied to the object.

       The following example is for SE-PostgreSQL:

              # ./contexts/sepgsql_contexts file
              # object_type   object_name     context
              db_database     my_database     system_u:object_r:sepgsql_db_t:s0
              db_database     *               system_u:object_r:sepgsql_db_t:s0
              db_schema       *.*             system_u:object_r:sepgsql_schema_t:s0
              db_tuple        row_low         system_u:object_r:sepgsql_table_t:s0
              db_tuple        row_high        system_u:object_r:sepgsql_table_t:s0:c1023
              db_tuple        *.*.*           system_u:object_r:sepgsql_table_t:s0
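       As an added example (not code from libselinux or this man page), the following C program loads entries in the file format above and resolves an (object_type, object_name) pair the way this page describes: entries are tried in file order, the first entry of the requested type whose pattern matches wins, and a bare '*' therefore only acts as a fallback when it is the last entry of its block. Treating '*' and '?' as fnmatch(3) wildcards is an assumption made to model the matching the page describes; the constructed sample reuses the page's own SE-PostgreSQL entries.

```c
/* Added example, not libselinux's db backend: resolve (object_type, object_name)
 * against sepgsql_contexts-style entries: file order, first match wins, '*' and '?'
 * modelled with fnmatch(3) (an assumption about how the wildcards are matched). */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

#define MAX_SPECS 64
struct db_spec { char type[32], key[128], context[128]; };
struct db_catalog { struct db_spec spec[MAX_SPECS]; int nspec; } g_cat; /* one catalog for callers */

/* Constructed sample: the SE-PostgreSQL example entries from this page. */
static const char SAMPLE_CONTEXTS[] =
    "# object_type object_name context\n"
    "db_database my_database system_u:object_r:sepgsql_db_t:s0\n"
    "db_database * system_u:object_r:sepgsql_db_t:s0\n"
    "db_schema *.* system_u:object_r:sepgsql_schema_t:s0\n"
    "db_tuple row_low system_u:object_r:sepgsql_table_t:s0\n"
    "db_tuple row_high system_u:object_r:sepgsql_table_t:s0:c1023\n"
    "db_tuple *.*.* system_u:object_r:sepgsql_table_t:s0\n";

/* Parse "object_type object_name context" lines, skipping '#' comments and
 * blank lines. Returns the entry count, or -1 on a malformed line. */
int db_parse(const char *text, struct db_catalog *cat)
{
    char line[512];
    cat->nspec = 0;
    while (*text) {
        int n = 0;
        if (sscanf(text, "%511[^\n]%n", line, &n) < 1) { text++; continue; } /* empty line */
        text += n;
        const char *s = line + strspn(line, " \t");
        if (*s == '\0' || *s == '#') continue;
        if (cat->nspec == MAX_SPECS) return -1;
        struct db_spec *d = &cat->spec[cat->nspec];
        if (sscanf(s, "%31s %127s %127s", d->type, d->key, d->context) != 3)
            return -1; /* fewer than three fields */
        cat->nspec++;
    }
    return cat->nspec;
}

/* First entry of the requested object_type whose pattern matches object_name
 * wins, so a bare '*' fallback must be last; NULL means no entry (ENOENT). */
const char *db_lookup(const struct db_catalog *cat, const char *type, const char *name)
{
    for (int i = 0; i < cat->nspec; i++)
        if (!strcmp(cat->spec[i].type, type) && !fnmatch(cat->spec[i].key, name, 0))
            return cat->spec[i].context;
    return NULL;
}
```

       With the sample loaded, "row_high" resolves to the c1023 entry while "postgres.public.my_table" falls through to the "*.*.*" entry, and a db_table lookup returns NULL because the sample has no db_table block.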

NOTES
       1. A suitable database contexts file needs to be written for the target RDBMS, and the SELABEL_OPT_PATH option must be used in selabel_open(3) to load it.

       2. The hierarchy of the namespace for database objects depends on the RDBMS; however, the selabel* interfaces do not have any specific support for a namespace hierarchy.

          SE-PostgreSQL has a namespace hierarchy where a database is the top level object, with the schema being the next level. Under the schema object there can be other types of objects such as tables and procedures. This hierarchy is supported as follows:

                 If a security context is required for the "my_table" table in the "public" schema within the "postgres" database, then the selabel_lookup(3) object_type parameter would be SELABEL_DB_TABLE and the object_name would be "postgres.public.my_table"; the security context (if available) would be returned in context.

       3. If contexts are to be validated, then the global option SELABEL_OPT_VALIDATE must be set before calling selabel_open(3). If this is not set, then it is possible for an invalid context to be returned.

SEE ALSO
       selinux(8), selabel_open(3), selabel_lookup(3), selabel_stats(3), selabel_close(3), selinux_set_callback(3), selinux_sepgsql_context_path(3), freecon(3), selinux_config(5)



Security Enhanced Linux                01 DEC 2011                    selabel_db(5)