Thread: Re: [GENERAL] Error compiling sepgsql in PG9.1
The attached patch enables to abort configure script when we run it with '--with-selinux' option, but libselinux is older than minimum requirement to SE-PostgreSQL. As the documentation said, it needs libselinux-2.0.93 at least, because this or later version support selabel_lookup(3) for database object classes; used to initial labeling. The current configure script checks existence of libselinux, but no version checks. (getpeercon_raw(3) has been a supported API for a long term.) The selinux_sepgsql_context_path(3) is a good watermark of libselinux-2.0.93 instead. Thanks, -- NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <kohei.kaigai@emea.nec.com> > -----Original Message----- > From: Devrim GÜNDÜZ [mailto:devrim@gunduz.org] > Sent: 21. Mai 2011 07:46 > To: Kohei Kaigai > Cc: Emanuel Calvo; postgresql Forums; KaiGai Kohei > Subject: Re: [GENERAL] Error compiling sepgsql in PG9.1 > > On Sat, 2011-05-21 at 02:50 +0100, Kohei Kaigai wrote: > > As documentation said, it needs libselinux 2.0.93 or higher. > > This version supports selabel_lookup(3) for database object classes. > > AFAICS, we are not checking it during configure. It might be worth to add libselinux version check > in the configure phase. > -- > Devrim GÜNDÜZ > Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com PostgreSQL > Danışmanı/Consultant, Red Hat Certified Engineer > Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr http://www.gunduz.org Twitter: > http://twitter.com/devrimgunduz
Attachment
2011/5/24 Kohei Kaigai <Kohei.Kaigai@emea.nec.com>: > The attached patch enables to abort configure script when we run it with '--with-selinux' > option, but libselinux is older than minimum requirement to SE-PostgreSQL. > > As the documentation said, it needs libselinux-2.0.93 at least, because this or later > version support selabel_lookup(3) for database object classes; used to initial labeling. > > The current configure script checks existence of libselinux, but no version checks. > (getpeercon_raw(3) has been a supported API for a long term.) > The selinux_sepgsql_context_path(3) is a good watermark of libselinux-2.0.93 instead. Looks to me like you need to adjust the wording of the error message. Maybe "libselinux version 2.0.93 or newer is required", or something like that. -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
Robert Haas <robertmhaas@gmail.com> writes: > 2011/5/24 Kohei Kaigai <Kohei.Kaigai@emea.nec.com>: >> The attached patch enables to abort configure script when we run it with '--with-selinux' >> option, but libselinux is older than minimum requirement to SE-PostgreSQL. > Looks to me like you need to adjust the wording of the error message. > Maybe "libselinux version 2.0.93 or newer is required", or something like that. Yeah. Applied with that change. BTW, it's not helpful to include the diff of the generated configure script in such patches. The committer will run autoconf for himself, and from a readability standpoint the generated file is quite useless. regards, tom lane