Kohei KaiGai wrote: > This regression test fail come from the base security policy of selinux. > In the recent selinux-policy package, "unconfined" domain was changed > to have unrestricted permission as literal. So, this test case relies multi- > category policy restricts unconfined domain, but its assumption is not > correct now.
Makes sense. > The attached patch fixes the policy module of regression test. What branches need this patch? Do we need a modified patch for earlier branches? Could you provide a buildfarm animal that runs the sepgsql test in all branches on a regular basis? > However, I also think we may stop to rely permission set of pre-defined > selinux domains. Instead of pre-defined one, sepgsql-regtest.te may be > ought to define own domain with appropriate permission set independent > from the base selinux-policy version. Is this something we would backpatch? -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
