From: Robert Haas Date: Thu, 15 Mar 2012 20:49:44 +0000 (-0400) Subject: A couple more fixes for the sepgsql documentation. X-Git-Tag: REL9_2_BETA1~274 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4012810a688f37ea12159f93d3ab0a1ed47ca3dc;p=postgresql A couple more fixes for the sepgsql documentation. --- diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml index ce752f3dbe..07c6b99f45 100644 --- a/doc/src/sgml/sepgsql.sgml +++ b/doc/src/sgml/sepgsql.sgml @@ -561,8 +561,8 @@ ERROR: SELinux: security policy violation A combination of dynamic domain transition and trusted procedure - enables an interesting use case that fits the typical process life- - cycle of connection pooling software. + enables an interesting use case that fits the typical process life-cycle + of connection pooling software. Even if your connection pooling software is not allowed to run most of SQL commands, you can allow it to switch the security label of the client using the sepgsql_setcon() function @@ -576,7 +576,7 @@ ERROR: SELinux: security policy violation procedure with appropriate permissions checks. The point here is that only the trusted procedure actually has permission to change the effective security label, and only does so when given proper - credentials. Of course, for secure operation, the credential store must + credentials. Of course, for secure operation, the credential store (table, procedure definition, or whatever) must be protected from unauthorized access.