Thread: Re: [GENERAL] Error compiling sepgsql in PG9.1

Re: [GENERAL] Error compiling sepgsql in PG9.1

From: Kohei Kaigai
Date:

The attached patch makes the configure script abort when it is run with the '--with-selinux'
option but libselinux is older than the minimum requirement of SE-PostgreSQL.

As the documentation says, it needs at least libselinux-2.0.93, because this and later
versions support selabel_lookup(3) for database object classes, which is used for initial labeling.

The current configure script checks for the existence of libselinux, but does no version check.
(getpeercon_raw(3) has been a supported API for a long time.)
selinux_sepgsql_context_path(3) is a good watermark for libselinux-2.0.93 instead.

Thanks,
--
NEC Europe Ltd, SAP Global Competence Center
KaiGai Kohei <kohei.kaigai@emea.nec.com>


> -----Original Message-----
> From: Devrim GÜNDÜZ [mailto:devrim@gunduz.org]
> Sent: 21. Mai 2011 07:46
> To: Kohei Kaigai
> Cc: Emanuel Calvo; postgresql Forums; KaiGai Kohei
> Subject: Re: [GENERAL] Error compiling sepgsql in PG9.1
> 
> On Sat, 2011-05-21 at 02:50 +0100, Kohei Kaigai wrote:
> > As documentation said, it needs libselinux 2.0.93 or higher.
> > This version supports selabel_lookup(3) for database object classes.
> 
> AFAICS, we are not checking it during configure. It might be worth adding a libselinux version check
> in the configure phase.
> --
> Devrim GÜNDÜZ
> Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com PostgreSQL
> Danışmanı/Consultant, Red Hat Certified Engineer
> Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr http://www.gunduz.org  Twitter:
> http://twitter.com/devrimgunduz

Re: [GENERAL] Error compiling sepgsql in PG9.1

From: Robert Haas
Date:

2011/5/24 Kohei Kaigai <Kohei.Kaigai@emea.nec.com>:
> The attached patch makes the configure script abort when it is run with the '--with-selinux'
> option but libselinux is older than the minimum requirement of SE-PostgreSQL.
>
> As the documentation says, it needs at least libselinux-2.0.93, because this and later
> versions support selabel_lookup(3) for database object classes, which is used for initial labeling.
>
> The current configure script checks for the existence of libselinux, but does no version check.
> (getpeercon_raw(3) has been a supported API for a long time.)
> selinux_sepgsql_context_path(3) is a good watermark for libselinux-2.0.93 instead.

Looks to me like you need to adjust the wording of the error message.

Maybe "libselinux version 2.0.93 or newer is required", or something like that.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

Re: [GENERAL] Error compiling sepgsql in PG9.1

From: Tom Lane
Date:

Robert Haas <robertmhaas@gmail.com> writes:
> 2011/5/24 Kohei Kaigai <Kohei.Kaigai@emea.nec.com>:
>> The attached patch makes the configure script abort when it is run with the '--with-selinux'
>> option but libselinux is older than the minimum requirement of SE-PostgreSQL.

> Looks to me like you need to adjust the wording of the error message.
> Maybe "libselinux version 2.0.93 or newer is required", or something like that.

Yeah.  Applied with that change.

BTW, it's not helpful to include the diff of the generated configure
script in such patches.  The committer will run autoconf for himself,
and from a readability standpoint the generated file is quite useless.
        regards, tom lane
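
The check discussed in this thread, sketched as a configure.in fragment. This is an added example, not the attached patch or the committed PostgreSQL code; it assumes that `--with-selinux` sets the shell variable `with_selinux` to `yes`, and the message in the commented-out probe is constructed for illustration.

```m4
# Added illustration, not the patch from this thread.
# Assumption: --with-selinux sets the shell variable with_selinux=yes.

# Presence-only probe (shown commented out): getpeercon_raw() has been part
# of libselinux for a long time, so this succeeds even against a library
# that is too old for sepgsql, and the problem only surfaces later as a
# compile error.
#
#   AC_CHECK_LIB(selinux, getpeercon_raw, [],
#                [AC_MSG_ERROR([libselinux is required])])

# Version watermark: probe for selinux_sepgsql_context_path(), which the
# thread names as a marker for libselinux 2.0.93. AC_CHECK_LIB links a tiny
# test program against -lselinux; if the symbol is missing, configure stops
# here with the wording suggested in the thread.
if test "$with_selinux" = yes; then
  AC_CHECK_LIB(selinux, selinux_sepgsql_context_path, [],
               [AC_MSG_ERROR([libselinux version 2.0.93 or newer is required])])
fi
```

Only the configure.in change needs review; the generated configure script is rebuilt by running autoconf.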