Re: sepgsql contrib module

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> On 02/14/2011 08:36 PM, Tom Lane wrote:
>> It looks to me like /selinux/mls is some weird phony-filesystem file,
>> because "cat" prints one character (a "1") while "ls" claims the file is
>> of zero length. So it's probably something consed up by the kernel,
>> like /proc/. Do you have selinux enabled on your machine?

> Np, but that really shouldn't be a build requirement, ISTM, even if it
> is a test requirement.

[ A few reboots later... ] Yeah, I've confirmed that /selinux/mls isn't
there at all when SELinux is disabled. When it is there, it reflects
the setting of SELINUXTYPE ("targeted" or "mls"). So that explains what
/usr/share/selinux/devel/Makefile is doing, but it doesn't make it a
good idea.

>> (BTW, testing what seems to be a kernel-configuration-reporting flag at
>> build time strikes me as pretty awful design.)

> Yeah, I agree.

Yup, this is just broken by design.

It looks like /usr/share/selinux/devel/Makefile basically just sets NAME
and TYPE and then calls /usr/share/selinux/devel/include/Makefile, so we
could avoid the dependence on the build machine's current state if we
did that for ourselves. Of course that just begs the question of what
we should set these variables *to*. Since the file being built is only
used for regression testing, it wouldn't be unreasonable to pick some
values, but it's not clear to me whether things would go blooey if the
eventual test machine had different settings.

On the whole, I don't think that sepgsql-regtest.pp should be built or
installed at all during the build phase. It ought to be generated
during regression test startup, instead.

regards, tom lane