Postgres Pro
Downloads
Home   >   mailing lists

Re: sepgsql contrib module - Mailing list pgsql-hackers

From Kohei Kaigai
Subject Re: sepgsql contrib module
Date
Msg-id A9F5079BABDEE646AEBDB6831725762C4205C87A79@EUEXCLU01.EU.NEC.COM
Whole thread Raw
In response to Re: sepgsql contrib module  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Tree view 
Sorry so much!
I thought I replied to the question already, but not yet.

> $ find /usr/share/selinux -name '*ake*'
> /usr/share/selinux/default/include/Makefile
> /usr/share/selinux/ubuntu/include/Makefile
> /usr/share/selinux/mls/include/Makefile
>
> Not sure which of these would be the right one to use.
>
The 4th level entry shall be replaced by policy type.

So, if "ubuntu" policy type is available on the system, the Makefile
we shall use is /usr/share/selinux/ubuntu/include/Makefile .                                  ^^^^^^

We can confirm the current available policy type from /etc/selinux/config
or using sestatus command.
 [kaigai@vmlinux tmp]$ sestatus SELinux status:                 enabled SELinuxfs mount:                /selinux
Currentmode:                   enforcing Mode from config file:          enforcing Policy version:                 24
Policyfrom config file:        targeted                                 ^^^^^^^^ It is the policy type. 

In this case, the current available policy type is "targeted".

BTW, it seems to me the base version of selinux-policy-* package in Ubuntu
is forked from an older snapshot (20091117), so it does not have enough rules
to run SE-PostgreSQL.

Right now, Fedora 13/14 is the easiest way.

Thanks,
--
NEC Europe Ltd, Global Competence Center
KaiGai Kohei <kohei.kaigai@eu.nec.com>


> -----Original Message-----
> From: Robert Haas [mailto:robertmhaas@gmail.com]
> Sent: 17. Februar 2011 11:42
> To: Kohei Kaigai
> Cc: Tom Lane; Andrew Dunstan; Stephen Frost; KaiGai Kohei; PgHacker
> Subject: Re: [HACKERS] sepgsql contrib module
>
> On Thu, Feb 17, 2011 at 3:56 AM, Kohei Kaigai <Kohei.Kaigai@eu.nec.com>
> wrote:
> > The attached patch removes rules to build a policy package for regression
> > test and modifies documentation part to introduce steps to run the test.
>
> Committed.  Incidentally, on my Ubuntu system:
>
> $ find /usr/share/selinux -name '*ake*'
> /usr/share/selinux/default/include/Makefile
> /usr/share/selinux/ubuntu/include/Makefile
> /usr/share/selinux/mls/include/Makefile
>
> Not sure which of these would be the right one to use.
>
> --
> Robert Haas
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
>
>  Click
> https://www.mailcontrol.com/sr/1JPOTPNZc+vTndxI!oX7UnkyRQ0MRq91W9aRlCO
> 56S1wi0rtpLI1rpvj957f8eUOrAhhBS0z5yrieLvRJKIvyA==  to report this email
> as spam.

pgsql-hackers by date:

Previous
From: Greg Stark
Date:
Subject: Re: Mark deprecated operators as such in their comments?
Next
From: Tom Lane
Date:
Subject: Re: Quick Extensions Question