Re: [sepgsql 2/3] Add db_schema:search permission checks - Mailing list pgsql-hackers

From Kohei KaiGai
Subject Re: [sepgsql 2/3] Add db_schema:search permission checks
Date
Msg-id CADyhKSUsvc6orap1SxmHphTPN00Hz-zNH4toqh6dkySgqL6mHw@mail.gmail.com
Whole thread Raw
In response to Re: [sepgsql 2/3] Add db_schema:search permission checks  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
>> A problem regarding to validation of sepgsql-regtest policy module
>> is originated by semodule commands that takes root privilege to
>> list up installed policy modules. So, I avoided to use this command
>> in the test_sepgsql script.
>> However, I have an idea that does not raise script fail even if "sudo
>> semodule -l" returned an error, except for a case when it can run
>> correctly and the policy version is not expected one.
>> How about your opinion for this check?
>
> Not sure that's too useful.  And I don't like the idea of putting sudo
> commands in a test harness script.  That seems too much like the sort
> of thing bad people do.
>
OK, I also doubt whether my idea make sense.

The attached patch omitted the portion to check the version of
sepgsql-regtest, and add some notice in the document instead.
Also, it moves current directory to the contrib/sepgsql on top of
the script, to avoid the problem when we run test_sepgsql
on the directory except for contring/sepgsql.

Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>

Attachment

pgsql-hackers by date:

Previous
From: Kohei KaiGai
Date:
Subject: Re: [sepgsql 2/3] Add db_schema:search permission checks
Next
From: Stephen Frost
Date:
Subject: Re: Detach/attach table and index data files from one cluster to another