Re: One question about security label command

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/25/2015 06:54 PM, Joe Conway wrote:
> On 08/25/2015 06:03 PM, Joe Conway wrote:
>> I'm arriving late to this party, so maybe everyone else already
>> knows this, but apparently sepgsql is not compatible with the
>> version of selinux available on RHEL 6.x. So there doesn't seem
>> to be much reason for a RHEL 6.x buildfarm animal just for
>> sepgsql testing as it will always fail ;-)
>
> Just to be clear, I have marked this on the commitfest app as
> ready for commit, and plan to commit it soon. Figuring out the
> buildfarm animal will be my next task after that.

Here's a synopsis of the state of play with respect to sepgsql
regression tests:

Required
PG Ver RHEL Ver* test w/patch test w/o patch
- ------ --------- ------------ --------------
HEAD 7.x OK NOK
9.5 7.x OK NOK
9.4 7.x OK** NOK
9.3 7.x OK** NOK
9.2 7.x NOK NOK
9.1 6.x NOK OK
9.0*** N/A N/A N/A
- ------ --------- ------------ --------------
* It is really the version of libselinux.so that matters here. RHEL
7.x has libselinux 2.2.x whereas RHEL 6.x has 2.0.x. The latter lacks
functionality required by sepgsql starting with PG 9.2.
** As noted in an earlier message on this thread by Adam, with PG 9.4
(and 9.3) there is some addition noise coming from differences in
default verbosity or possibly error context hiding added after 9.4,
which causes the regression to fail with Kouhei's patch. Attached is a
slightly modified patch that works for 9.4 and 9.3.
*** sepgsql was introduced in PG 9.1

So given all that, here is what I propose we do:

1.) Commit Kouhei's patch against HEAD and 9.5 (Joe)
2.) Commit my modified patch against 9.4 and 9.3 (Joe)
3.) Rework patch for 9.2 (Kouhei)
4.) Finish standing up the RHEL/CentOS 7.x buildfarm member to
test sepgsql on 9.2 and up. The animal (rhinoceros) is running
already, but still needs some custom scripting. (Joe, Andrew)
5.) Additionally stand up a RHEL/CentOS 6.x buildfarm member to test
sepgsql on 9.1 (no changes) (Joe).

Sound like a plan?

Joe
- --
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJV4IA5AAoJEDfy90M199hlF6wP/1p0xpVORBY4DLjLaM8KzAWt
HxZjtK6vD8yQCG45L1crhYnB2FYIHZoG+71WwP7xSZ6YnOC+g5mFrjh6YdRMxwSe
OSnMIuy7QvVZrGfvSSIG6u4lBivi9jDC6mnFuU5YW9Q3mk6HBdJbErIuwP3z0Bxj
c9yuh6WqWRNghVwIyErkdbp7YqFDeoQZ8iSiKxDghMIQRzFgB4K1egEDM6TGAo/1
/1j0vSLmRoQPZvDnJaLCAsZzw7JozppwCXPwfpwd2Xj6N3h/v9aoflRKaKppvf16
vIqDcHkdbea3Bk/jGS3OBBMBXDsd5lrfjF5iaFVtiBu04VjUaJJ0mHOKNL+xf4Uk
E9C8bjxpR7MEeiR8tE8RTMWg710ITVix3P8I3y+LS0V8GhzaHw2AOKSlGVNlRf/Y
VfoFEcvqcqsnenA3gmUbljSeHI0G3G5w+nTwEvciug28PffnpNyamtjPOn4IEay4
12RrbD/v7IfsXxjnDqhQRLdy1t7tVDjNC6ddjSfT3G64v4pvBoSaT9NQXWJ9jw3A
aM345gguBRVGcKRD/UZfUZ4VBesj5T67g56HPmEqDC+7LlqVBSmKdEJ51RrfRsKF
fd8OZT43h9+XXD4yCuxt0bt38ybiRsOAdjT4eUrTj18GGx0q3P08NNnZI2V0fe4b
/8pM9IlcdxDYGS7e3oPv
=SbW3
-----END PGP SIGNATURE-----