Re: contrib/sepgsql regression tests are a no-go

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Peter Eisentraut <peter_e(at)gmx(dot)net>, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: contrib/sepgsql regression tests are a no-go
Date: 2011-09-27 22:30:58
Lists: pgsql-hackers

Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> On Tue, Sep 27, 2011 at 3:39 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Accordingly, the attached patch does what I suggested above, namely dike
>> out the Makefile's knowledge of how to run the regression tests and put
>> it into the chkselinuxenv script.

> Seems fine.  The rename is definitely needed.  We may want to
> back-patch this into 9.1 to avoid the headache of dealing with this
> for 5 years.

I'm definitely gonna back-patch it, because otherwise I'll be carrying
it as a RHEL and Fedora patch for that long ;-)

>> I have not touched the documentation, either. One thing I'd like to do
>> is adjust both the SGML documentation and the hints printed by the
>> script to uniformly use "sudo ...root-privileged-command..." rather than
>> recommending use of "su".

> I think that's your own preference showing.  How about just telling
> people to run the commands as root without specifying how they should
> accomplish that?

Well, maybe, but it seems hard to do without being verbose.  If you just

	$ sudo blah blah blah

the meaning is obvious (or if it isn't, you got no business playing with
SELinux anyway), and you can easily include, or not, the "sudo" part when
copying and pasting the command.  Right now we've got things like

$ cd .../contrib/sepgsql
$ make -f /usr/share/selinux/devel/Makefile
$ su
# semodule -u sepgsql-regtest.pp
# semodule -l | grep sepgsql
sepgsql-regtest 1.03

What I'd prefer is

$ cd .../contrib/sepgsql
$ make -f /usr/share/selinux/devel/Makefile
$ sudo semodule -u sepgsql-regtest.pp
$ sudo semodule -l | grep sepgsql
sepgsql-regtest 1.03

If I have to break up the recipe with annotations like "run this part as
root" and then "these commands no longer need root", I don't think
that's going to be an improvement over either of the above.

			regards, tom lane
