On Thu, Jul 21, 2011 at 5:29 AM, Kohei Kaigai <Kohei.Kaigai@emea.nec.com> wrote:
> The attached patch is revised userspace-avc patch.
>
> List of updates:
> - The GUC of sepgsql.avc_threshold was removed.
> - "char *ucontext" of avc_cache was replaced by "bool tcontext_is_valid".
> - Comments added onto static variables
> - Comments of sepgsql_avc_unlabeled() was revised.
> - Comments of sepgsql_avc_compute() was simplified.
> - Comments of sepgsql_avc_check_perms_label() also mention about
> permissive domain, that performs similar to system's permissive mode.
> - selinux_status_close() become invoked on on_proc_exit() hook.
I tried to give this a test drive today but got stuck. I got sepgsql
compiled OK, but look what happens when I try to start the server:
[rhaas@f15selinux ~]$ postgres
FATAL: could not load library
"/home/rhaas/project/lib/postgresql/sepgsql.so":
/home/rhaas/project/lib/postgresql/sepgsql.so: undefined symbol:
getpeercon_raw
This is Fedora 15, with all available updates applied.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company