The attached patch enables to abort configure script when we run it with '--with-selinux'
option, but libselinux is older than minimum requirement to SE-PostgreSQL.
As the documentation said, it needs libselinux-2.0.93 at least, because this or later
version support selabel_lookup(3) for database object classes; used to initial labeling.
The current configure script checks existence of libselinux, but no version checks.
(getpeercon_raw(3) has been a supported API for a long term.)
The selinux_sepgsql_context_path(3) is a good watermark of libselinux-2.0.93 instead.
Thanks,
--
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei.kaigai@emea.nec.com>
> -----Original Message-----
> From: Devrim GÜNDÜZ [mailto:devrim@gunduz.org]
> Sent: 21. Mai 2011 07:46
> To: Kohei Kaigai
> Cc: Emanuel Calvo; postgresql Forums; KaiGai Kohei
> Subject: Re: [GENERAL] Error compiling sepgsql in PG9.1
>
> On Sat, 2011-05-21 at 02:50 +0100, Kohei Kaigai wrote:
> > As documentation said, it needs libselinux 2.0.93 or higher.
> > This version supports selabel_lookup(3) for database object classes.
>
> AFAICS, we are not checking it during configure. It might be worth to add libselinux version check
> in the configure phase.
> --
> Devrim GÜNDÜZ
> Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com PostgreSQL
> Danışmanı/Consultant, Red Hat Certified Engineer
> Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr http://www.gunduz.org Twitter:
> http://twitter.com/devrimgunduz
