Re: sepgsql contrib module

From: Kohei Kaigai <Kohei(dot)Kaigai(at)EU(dot)NEC(dot)COM>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: sepgsql contrib module
Date: 2011-03-03 10:38:29
Message-ID: A9F5079BABDEE646AEBDB6831725762C4205C87A79@EUEXCLU01.EU.NEC.COM
Lists: pgsql-hackers

I'm so sorry!
I thought I had already replied to the question, but I had not.

> $ find /usr/share/selinux -name '*ake*'
> /usr/share/selinux/default/include/Makefile
> /usr/share/selinux/ubuntu/include/Makefile
> /usr/share/selinux/mls/include/Makefile
>
> Not sure which of these would be the right one to use.
>
The 4th level entry shall be replaced by the policy type.

So, if the "ubuntu" policy type is available on the system, the Makefile
we shall use is /usr/share/selinux/ubuntu/include/Makefile .
                                   ^^^^^^

We can confirm the currently available policy type from /etc/selinux/config
or by using the sestatus command.

[kaigai(at)vmlinux tmp]$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted
                                ^^^^^^^^ It is the policy type.

In this case, the currently available policy type is "targeted".

BTW, it seems to me the base version of the selinux-policy-* package in Ubuntu
is forked from an older snapshot (20091117), so it does not have enough rules
to run SE-PostgreSQL.

Right now, Fedora 13/14 is the easiest way.

Thanks,
--
NEC Europe Ltd, Global Competence Center
KaiGai Kohei <kohei(dot)kaigai(at)eu(dot)nec(dot)com>

> -----Original Message-----
> From: Robert Haas [mailto:robertmhaas(at)gmail(dot)com]
> Sent: 17. Februar 2011 11:42
> To: Kohei Kaigai
> Cc: Tom Lane; Andrew Dunstan; Stephen Frost; KaiGai Kohei; PgHacker
> Subject: Re: [HACKERS] sepgsql contrib module
>
> On Thu, Feb 17, 2011 at 3:56 AM, Kohei Kaigai <Kohei(dot)Kaigai(at)eu(dot)nec(dot)com>
> wrote:
> > The attached patch removes rules to build a policy package for regression
> > test and modifies documentation part to introduce steps to run the test.
>
> Committed. Incidentally, on my Ubuntu system:
>
> $ find /usr/share/selinux -name '*ake*'
> /usr/share/selinux/default/include/Makefile
> /usr/share/selinux/ubuntu/include/Makefile
> /usr/share/selinux/mls/include/Makefile
>
> Not sure which of these would be the right one to use.
>
> --
> Robert Haas
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company

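Added example, not part of the original message or of the sepgsql sources: a shell helper that reads the policy type from /etc/selinux/config and resolves the matching Makefile under /usr/share/selinux/<type>/include/, as described in the reply above. The function names are hypothetical, and using the last SELINUXTYPE assignment when several are present is an assumption of this example.

```shell
#!/bin/sh
# Added example: pick the SELinux policy-development Makefile that matches
# the policy type configured on this host.

# Print the SELINUXTYPE value from an SELinux config file (default
# /etc/selinux/config). Commented-out lines are ignored. Only names made of
# letters, digits, '_' and '-' are accepted, so a value such as "../x" can
# never be turned into a path outside the policy directory.
selinux_policy_type() {
    conf=${1:-/etc/selinux/config}
    [ -r "$conf" ] || return 1
    # Assumption: if the key is assigned more than once, use the last one.
    ptype=$(sed -n \
        's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([A-Za-z0-9_-]*\)[[:space:]]*$/\1/p' \
        "$conf" | tail -n 1)
    [ -n "$ptype" ] || return 1
    printf '%s\n' "$ptype"
}

# Print the Makefile path for the configured policy type.
#   $1  config file      (default /etc/selinux/config)
#   $2  policy data root (default /usr/share/selinux)
# Returns 1 if the type cannot be read, 2 if no Makefile is installed for it
# (for example when only other policy types ship development files).
selinux_devel_makefile() {
    root=${2:-/usr/share/selinux}
    ptype=$(selinux_policy_type "${1:-/etc/selinux/config}") || return 1
    mk="$root/$ptype/include/Makefile"
    if [ ! -f "$mk" ]; then
        echo "no Makefile for policy type '$ptype' under $root" >&2
        return 2
    fi
    printf '%s\n' "$mk"
}
```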