-rw-r--r-- | policy/modules/services/postgresql.te | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te
index 810fb0ed4..7eec1b665 100644
--- a/policy/modules/services/postgresql.te
+++ b/policy/modules/services/postgresql.te
@@ -20,6 +20,13 @@ gen_require(`
 ## <desc>
 ## <p>
+## Allow postgresql to map memory regions as both executable and writable (e.g. for JIT).
+## </p>
+## </desc>
+gen_tunable(psql_allow_execmem, false)
+
+## <desc>
+## <p>
 ## Allow unprived users to execute DDL statement
 ## </p>
 ## </desc>
@@ -363,7 +370,7 @@ optional_policy(`
 mta_getattr_spool(postgresql_t)
 ')
-tunable_policy(`allow_execmem',`
+tunable_policy(`allow_execmem || psql_allow_execmem',`
 allow postgresql_t self:process execmem;
 ') |
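Review bot: The description added for `psql_allow_execmem` in the first hunk says what the boolean permits but not what enabling it costs. `execmem` lets `postgresql_t` hold memory that is both writable and executable, which removes a mitigation against code injection in the server process. I would add a sentence to the `<p>` text such as `## Enable only when JIT compilation is in use; this weakens protection against injected code in the server.` The `psql_` prefix also reads as the client program rather than the `postgresql_t` domain the rule applies to, so a prefix matching the domain may be clearer if the module has no established convention.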
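Review bot: The `tunable_policy` block in the second hunk carries no comment explaining why two booleans now gate the same `execmem` rule. A line above it such as `# psql_allow_execmem grants execmem to postgresql_t only, so the global allow_execmem can stay off` would tell an administrator which boolean is the narrower choice. The hunk's trailing context ends right after the block, so I cannot see whether a comment style is already established for neighbouring rules.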