On Thu, Aug 18, 2011 at 12:52 PM, Robert Haas <robertmh...@gmail.com> wrote:
> On Thu, Aug 18, 2011 at 12:46 PM, Robert Haas <robertmh...@gmail.com> wrote:
>> On Thu, Jul 21, 2011 at 5:29 AM, Kohei Kaigai <kohei.kai...@emea.nec.com> wrote:
>>> The attached patch is a revised userspace-avc patch.
>>>
>>> List of updates:
>>> - The GUC of sepgsql.avc_threshold was removed.
>>> - "char *ucontext" of avc_cache was replaced by "bool tcontext_is_valid".
>>> - Comments were added to static variables.
>>> - Comments of sepgsql_avc_unlabeled() were revised.
>>> - Comments of sepgsql_avc_compute() were simplified.
>>> - Comments of sepgsql_avc_check_perms_label() also mention the
>>>   permissive domain, which performs similarly to the system's permissive mode.
>>> - selinux_status_close() is now invoked on the on_proc_exit() hook.
>>
>> I tried to give this a test drive today but got stuck. I got sepgsql
>> compiled OK, but look what happens when I try to start the server:
>>
>> [rhaas@f15selinux ~]$ postgres
>> FATAL: could not load library
>> "/home/rhaas/project/lib/postgresql/sepgsql.so":
>> /home/rhaas/project/lib/postgresql/sepgsql.so: undefined symbol:
>> getpeercon_raw
>>
>> This is Fedora 15, with all available updates applied.
>
> Oh. Apparently, this is what happens when you try to build sepgsql
> without passing --with-selinux to configure.
>
> That's lame. I think we need to patch contrib/sepgsql so that it
> fails to build in that case, rather than building and then not
> working.

Also, I get these warnings:

/etc/selinux/targeted/contexts/sepgsql_contexts: line 33 has invalid object type db_blobs
/etc/selinux/targeted/contexts/sepgsql_contexts: line 36 has invalid object type db_language
/etc/selinux/targeted/contexts/sepgsql_contexts: line 37 has invalid object type db_language
/etc/selinux/targeted/contexts/sepgsql_contexts: line 38 has invalid object type db_language
/etc/selinux/targeted/contexts/sepgsql_contexts: line 39 has invalid object type db_language
/etc/selinux/targeted/contexts/sepgsql_contexts: line 40 has invalid object type db_language
1: sepgsql_restorecon = "t" (typeid = 16, len = 1, typmod = -1, byval = t)

The first is mentioned in the latest documentation, but the rest are not.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers