Re: One question about security label command - Mailing list pgsql-hackers
From | Joe Conway |
---|---|
Subject | Re: One question about security label command |
Date | |
Msg-id | 55E08039.90601@joeconway.com Whole thread Raw |
In response to | Re: One question about security label command (Joe Conway <mail@joeconway.com>) |
Responses |
Re: One question about security label command
|
List | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/25/2015 06:54 PM, Joe Conway wrote: > On 08/25/2015 06:03 PM, Joe Conway wrote: >> I'm arriving late to this party, so maybe everyone else already >> knows this, but apparently sepgsql is not compatible with the >> version of selinux available on RHEL 6.x. So there doesn't seem >> to be much reason for a RHEL 6.x buildfarm animal just for >> sepgsql testing as it will always fail ;-) > > Just to be clear, I have marked this on the commitfest app as > ready for commit, and plan to commit it soon. Figuring out the > buildfarm animal will be my next task after that. Here's a synopsis of the state of play with respect to sepgsql regression tests: Required PG Ver RHEL Ver* test w/patch test w/o patch - ------ --------- ------------ -------------- HEAD 7.x OK NOK 9.5 7.x OK NOK 9.4 7.x OK** NOK 9.3 7.x OK** NOK 9.2 7.x NOK NOK 9.1 6.x NOK OK 9.0*** N/A N/A N/A - ------ --------- ------------ -------------- * It is really the version of libselinux.so that matters here. RHEL 7.x has libselinux 2.2.x whereas RHEL 6.x has 2.0.x. The latter lacks functionality required by sepgsql starting with PG 9.2. ** As noted in an earlier message on this thread by Adam, with PG 9.4 (and 9.3) there is some addition noise coming from differences in default verbosity or possibly error context hiding added after 9.4, which causes the regression to fail with Kouhei's patch. Attached is a slightly modified patch that works for 9.4 and 9.3. *** sepgsql was introduced in PG 9.1 So given all that, here is what I propose we do: 1.) Commit Kouhei's patch against HEAD and 9.5 (Joe) 2.) Commit my modified patch against 9.4 and 9.3 (Joe) 3.) Rework patch for 9.2 (Kouhei) 4.) Finish standing up the RHEL/CentOS 7.x buildfarm member to test sepgsql on 9.2 and up. The animal (rhinoceros) is running already, but still needs some custom scripting. (Joe, Andrew) 5.) Additionally stand up a RHEL/CentOS 6.x buildfarm member to test sepgsql on 9.1 (no changes) (Joe). Sound like a plan? Joe - -- Crunchy Data - http://crunchydata.com PostgreSQL Support for Secure Enterprises Consulting, Training, & Open Source Development -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBAgAGBQJV4IA5AAoJEDfy90M199hlF6wP/1p0xpVORBY4DLjLaM8KzAWt HxZjtK6vD8yQCG45L1crhYnB2FYIHZoG+71WwP7xSZ6YnOC+g5mFrjh6YdRMxwSe OSnMIuy7QvVZrGfvSSIG6u4lBivi9jDC6mnFuU5YW9Q3mk6HBdJbErIuwP3z0Bxj c9yuh6WqWRNghVwIyErkdbp7YqFDeoQZ8iSiKxDghMIQRzFgB4K1egEDM6TGAo/1 /1j0vSLmRoQPZvDnJaLCAsZzw7JozppwCXPwfpwd2Xj6N3h/v9aoflRKaKppvf16 vIqDcHkdbea3Bk/jGS3OBBMBXDsd5lrfjF5iaFVtiBu04VjUaJJ0mHOKNL+xf4Uk E9C8bjxpR7MEeiR8tE8RTMWg710ITVix3P8I3y+LS0V8GhzaHw2AOKSlGVNlRf/Y VfoFEcvqcqsnenA3gmUbljSeHI0G3G5w+nTwEvciug28PffnpNyamtjPOn4IEay4 12RrbD/v7IfsXxjnDqhQRLdy1t7tVDjNC6ddjSfT3G64v4pvBoSaT9NQXWJ9jw3A aM345gguBRVGcKRD/UZfUZ4VBesj5T67g56HPmEqDC+7LlqVBSmKdEJ51RrfRsKF fd8OZT43h9+XXD4yCuxt0bt38ybiRsOAdjT4eUrTj18GGx0q3P08NNnZI2V0fe4b /8pM9IlcdxDYGS7e3oPv =SbW3 -----END PGP SIGNATURE-----
Attachment
pgsql-hackers by date: