The attached patch enables to abort configure script when we run it with '--with-selinux' option, but libselinux is older than minimum requirement to SE-PostgreSQL. As the documentation said, it needs libselinux-2.0.93 at least, because this or later version support selabel_lookup(3) for database object classes; used to initial labeling. The current configure script checks existence of libselinux, but no version checks. (getpeercon_raw(3) has been a supported API for a long term.) The selinux_sepgsql_context_path(3) is a good watermark of libselinux-2.0.93 instead. Thanks, -- NEC Europe Ltd, SAP Global Competence Center KaiGai Kohei <kohei.kaigai@xxxxxxxxxxxx> > -----Original Message----- > From: Devrim GÃNDÃZ [mailto:devrim@xxxxxxxxxx] > Sent: 21. Mai 2011 07:46 > To: Kohei Kaigai > Cc: Emanuel Calvo; postgresql Forums; KaiGai Kohei > Subject: Re: [GENERAL] Error compiling sepgsql in PG9.1 > > On Sat, 2011-05-21 at 02:50 +0100, Kohei Kaigai wrote: > > As documentation said, it needs libselinux 2.0.93 or higher. > > This version supports selabel_lookup(3) for database object classes. > > AFAICS, we are not checking it during configure. It might be worth to add libselinux version check > in the configure phase. > -- > Devrim GÃNDÃZ > Principal Systems Engineer @ EnterpriseDB: http://www.enterprisedb.com PostgreSQL > DanÄÅmanÄ/Consultant, Red Hat Certified Engineer > Community: devrim~PostgreSQL.org, devrim.gunduz~linux.org.tr http://www.gunduz.org Twitter: > http://twitter.com/devrimgunduz
Attachment:
sepgsql-fix-config-version.patch
Description: sepgsql-fix-config-version.patch
-- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
