From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Mike Palmiotto <mike(dot)palmiotto(at)crunchydata(dot)com> |
Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org, Joe Conway <mail(at)joeconway(dot)com> |
Subject: | Re: sepgsql seems rather thoroughly broken on Fedora 30 |
Date: | 2019-07-25 15:09:04 |
Message-ID: | 22118.1564067344@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Mike Palmiotto <mike(dot)palmiotto(at)crunchydata(dot)com> writes:
> On Fri, Jul 19, 2019 at 4:29 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> I can confirm that the 0001 patch fixes things on my Fedora 30 box.
>> So that's good, though I don't know enough to evaluate it for style
>> or anything like that.
> I think the policy is in need of review/rewriting anyway. The proper
> thing to do would be to create a common template for all of the
> SELinux regtest user domains and create more of a hierarchical policy
> to reduce redundancy. If you want to wait for more formal policy
> updates, I can do that in my spare time. Otherwise, the patch I posted
> should work with the general style of this policy module.
Hearing no further comments, I went ahead and pushed 0001 (after
checking that it works on F28, which is the oldest Fedora version
I have at hand right now). Stylistic improvements to the script
are fine, but let's get the bug fixed for now.
BTW, I noticed that the documentation about how to run the tests
is a bit stale as well --- for instance, it says to use
$ sudo semodule -u sepgsql-regtest.pp
but that slaps your wrist:
The --upgrade option is deprecated. Use --install instead.
So if anyone does feel like polishing things in this area, some doc
review seems indicated.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Binguo Bao | 2019-07-25 15:20:50 | Re: [proposal] de-TOAST'ing using a iterator |
Previous Message | Tom Lane | 2019-07-25 14:44:13 | Re: Initdb failure |