Alvaro, KaiGai,

* Alvaro Herrera (alvhe...@2ndquadrant.com) wrote:
> Kohei KaiGai wrote:
> 
> > This regression test fail come from the base security policy of selinux.
> > In the recent selinux-policy package, "unconfined" domain was changed
> > to have unrestricted permission as literal. So, this test case relies multi-
> > category policy restricts unconfined domain, but its assumption is not
> > correct now.
> 
> Makes sense.
> 
> > The attached patch fixes the policy module of regression test.
> 
> What branches need this patch?  Do we need a modified patch for
> earlier branches?
> 
> Could you provide a buildfarm animal that runs the sepgsql test in all
> branches on a regular basis?

Would be great if KaiGai can, of course, but I'm planning to stand one
up here soon in any case.

> > However, I also think we may stop to rely permission set of pre-defined
> > selinux domains. Instead of pre-defined one, sepgsql-regtest.te may be
> > ought to define own domain with appropriate permission set independent
> > from the base selinux-policy version.
> 
> Is this something we would backpatch?

As it's just a change to the regression tests, it seems like it'd be a
good idea to backpatch it to me as there's very low risk of it breaking
anything and it'd actually fix the tests when they're run.

        Thanks!

                Stephen

Attachment: signature.asc
Description: Digital signature

Reply via email to