From 0f05840bf4c256b838eca8f1be9d7b5be82ccd0e Mon Sep 17 00:00:00 2001
From: Robert Haas
Date: Thu, 28 Mar 2013 15:38:35 -0400
Subject: Allow sepgsql labels to depend on object name.

The main change here is to call security_compute_create_name_raw()
rather than security_compute_create_raw().  This ups the minimum
requirement for libselinux from 2.0.99 to 2.1.10, but it looks
like most distributions will have picked that up before 9.3 is out.

KaiGai Kohei
---
 contrib/sepgsql/database.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'contrib/sepgsql/database.c')

diff --git a/contrib/sepgsql/database.c b/contrib/sepgsql/database.c
index 64d37a3ca99..91e6c4f441e 100644
--- a/contrib/sepgsql/database.c
+++ b/contrib/sepgsql/database.c
@@ -92,7 +92,8 @@ sepgsql_database_post_create(Oid databaseId, const char *dtemplate)
 
 	ncontext = sepgsql_compute_create(sepgsql_get_client_label(),
 									  tcontext,
-									  SEPG_CLASS_DB_DATABASE);
+									  SEPG_CLASS_DB_DATABASE,
+									  NameStr(datForm->datname));
 
 	/*
 	 * check db_database:{create} permission
-- 
cgit v1.2.3