> That's lame. I think we need to patch contrib/sepgsql so that it > fails to build in that case, rather than building and then not > working. > It might be the following fix, but I have no idea to generate an error when $(with_selinux) != "yes" on makefile.
diff --git a/contrib/sepgsql/Makefile b/contrib/sepgsql/Makefile index 7f997ee..fec4f1a 100644 --- a/contrib/sepgsql/Makefile +++ b/contrib/sepgsql/Makefile @@ -19,6 +19,12 @@ include $(top_builddir)/src/Makefile.global include $(top_srcdir)/contrib/contrib-global.mk endif +ifneq ($(with_selinux),yes) +## +## Error generation +## +endif + SHLIB_LINK += $(filter -lselinux, $(LIBS)) REGRESS_OPTS += --launcher $(top_builddir)/contrib/sepgsql/launcher -- NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <kohei.kai...@emea.nec.com> > -----Original Message----- > From: Robert Haas [mailto:robertmh...@gmail.com] > Sent: 18. August 2011 17:53 > To: Kohei Kaigai > Cc: Yeb Havinga; PgHacker; Kohei KaiGai > Subject: Re: [HACKERS] [v9.1] sepgsql - userspace access vector cache > > On Thu, Aug 18, 2011 at 12:46 PM, Robert Haas <robertmh...@gmail.com> wrote: > > On Thu, Jul 21, 2011 at 5:29 AM, Kohei Kaigai <kohei.kai...@emea.nec.com> > > wrote: > >> The attached patch is revised userspace-avc patch. > >> > >> List of updates: > >> - The GUC of sepgsql.avc_threshold was removed. > >> - "char *ucontext" of avc_cache was replaced by "bool tcontext_is_valid". > >> - Comments added onto static variables > >> - Comments of sepgsql_avc_unlabeled() was revised. > >> - Comments of sepgsql_avc_compute() was simplified. > >> - Comments of sepgsql_avc_check_perms_label() also mention about > >> permissive domain, that performs similar to system's permissive mode. > >> - selinux_status_close() become invoked on on_proc_exit() hook. > > > > I tried to give this a test drive today but got stuck. I got sepgsql > > compiled OK, but look what happens when I try to start the server: > > > > [rhaas@f15selinux ~]$ postgres > > FATAL: could not load library > > "/home/rhaas/project/lib/postgresql/sepgsql.so": > > /home/rhaas/project/lib/postgresql/sepgsql.so: undefined symbol: > > getpeercon_raw > > > > This is Fedora 15, with all available updates applied. > > Oh. Apparently, this is what happens when you try to build sepgsql > without passing --with-selinux to configure. > > That's lame. I think we need to patch contrib/sepgsql so that it > fails to build in that case, rather than building and then not > working. > > -- > Robert Haas > EnterpriseDB: http://www.enterprisedb.com > The Enterprise PostgreSQL Company > > > Click > https://www.mailcontrol.com/sr/i+p!jARD6rnTndxI!oX7Uu+NqWBeKfvsxHen8ElqAIKK2vDQ5PIqETvu3D1VdIOLM1 > BV3YJKcc+1yubdBaCdqw== to report this email as spam. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers