2015-03-12 1:27 GMT+09:00 Alvaro Herrera <alvhe...@2ndquadrant.com>: > Robert Haas wrote: >> On Tue, Mar 10, 2015 at 6:58 PM, Kohei KaiGai <kai...@kaigai.gr.jp> wrote: >> > ERRCODE_FEATURE_NOT_SUPPORTED is suitable error code here. >> > Please see the attached one. >> >> Committed. I did not bother back-patching this, but I can do that if >> people think it's important. > > I don't really care myself. > >> The sepgsql regression tests don't seem >> to pass for me any more; I wonder if some expected-output changes are >> needed as a result of core changes. >> I'm guessing these tests are not running in an automated fashion anywhere? > > Oops, that's bad. I vaguely recall asking someone for a buildfarm > animal running these tests, but I guess that didn't happen. > This regression test fail come from the base security policy of selinux. In the recent selinux-policy package, "unconfined" domain was changed to have unrestricted permission as literal. So, this test case relies multi- category policy restricts unconfined domain, but its assumption is not correct now. The attached patch fixes the policy module of regression test. However, I also think we may stop to rely permission set of pre-defined selinux domains. Instead of pre-defined one, sepgsql-regtest.te may be ought to define own domain with appropriate permission set independent from the base selinux-policy version. Please give me time to investigate.
Thanks, -- KaiGai Kohei <kai...@kaigai.gr.jp>
sepgsql-fixup-regtest-policy.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
