Improve sepgsql and SECURITY LABEL documentation.

KaiGai Kohei, based on feedback from Yeb Havinga, with some
corrections by me.
Robert Haas 2011-07-20 09:22:57 -04:00
parent 550cd074f9
commit d79a601fd9
2 changed files with 32 additions and 4 deletions


@ -203,4 +203,12 @@ SECURITY LABEL FOR selinux ON TABLE mytable IS 'system_u:object_r:sepgsql_table_
There is no <command>SECURITY LABEL</command> command in the SQL standard. There is no <command>SECURITY LABEL</command> command in the SQL standard.
</para> </para>
</refsect1> </refsect1>
<refsect1>
<title>See Also</title>
<simplelist type="inline">
<member><xref linkend="sepgsql"></member>
<member><xref linkend="dummy-seclabel"></member>
</simplelist>
</refsect1>
</refentry> </refentry>


@ -96,11 +96,13 @@ Policy from config file: targeted
<para> <para>
The following instructions that assume your installation is under the The following instructions that assume your installation is under the
<filename>/usr/local/pgsql</> directory. Adjust the paths shown below as <filename>/usr/local/pgsql</> directory and the database cluster is
appropriate for your installation. under the <filename>/path/to/database</> directory. Adjust the paths
shown below as appropriate for your installation.
</para> </para>
<screen> <screen>
$ export PGDATA=/path/to/database
$ initdb $ initdb
$ vi $PGDATA/postgresql.conf $ vi $PGDATA/postgresql.conf
$ for DBNAME in template0 template1 postgres; do $ for DBNAME in template0 template1 postgres; do
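Review bot: The opening sentence of this paragraph still reads "The following instructions that assume your installation is under the" after the rewrite, so the stray "that" is carried forward; drop it so the sentence reads "The following instructions assume ...". Since the added "$ export PGDATA=/path/to/database" line is what the later "vi $PGDATA/postgresql.conf" step depends on, it would also help to say in the prose that /path/to/database is a placeholder the reader must replace, not a literal path.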
@ -113,6 +115,16 @@ $ for DBNAME in template0 template1 postgres; do
If the installation process completes without error, you can now start the If the installation process completes without error, you can now start the
server normally. server normally.
</para> </para>
<para>
Please note that you may see the following notifications depending on
the combination of a particular version of <productname>libselinux</>
and <productname>selinux-policy</>.
<screen>
/etc/selinux/targeted/contexts/sepgsql_contexts: line 33 has invalid object type db_blobs
</screen>
This message is harmless and may be safely ignored.
</para>
</sect2> </sect2>
<sect2 id="sepgsql-regression"> <sect2 id="sepgsql-regression">
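Review bot: The added paragraph tells the reader the sepgsql_contexts message "is harmless and may be safely ignored" without saying why, which leaves an administrator no way to tell this case apart from a real mistake in the contexts file. Suggest one sentence on the cause (the text already attributes it to the combination of libselinux and selinux-policy versions) and a remark that the path and "line 33" in the sample are illustrative and will vary by system. The paragraph also says "notifications" but shows a single message; "the following notification" would match.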
@ -124,7 +136,15 @@ $ for DBNAME in template0 template1 postgres; do
</para> </para>
<para> <para>
First, build and install the policy package for the regression test. First, set up <productname>sepgsql</productname> according to
the <xref linkend="sepgsql-installation">. The regression test is
intended to be run on a system with a working SE-Linux implementation.
The current operating system user must be able to connect to the database
as superuser without authentication.
</para>
<para>
Second, build and install the policy package for the regression test.
The <filename>sepgsql-regtest.pp</> is a special purpose policy package The <filename>sepgsql-regtest.pp</> is a special purpose policy package
which provides a set of rules to be allowed during the regression tests. which provides a set of rules to be allowed during the regression tests.
It should be built from the policy source file It should be built from the policy source file
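Review bot: The new first step states that the operating system user "must be able to connect to the database as superuser without authentication" but sets no scope for it; please add that this is meant for a test cluster and that authentication should be tightened again once the regression test has run, since this same section has the reader install a special-purpose policy package. Two wording points in the same paragraph: "according to the <xref linkend="sepgsql-installation">" reads awkwardly once the xref expands, so "according to the instructions in <xref ...>" is safer, and "SE-Linux" should be spelled "SELinux".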
@ -149,7 +169,7 @@ sepgsql-regtest 1.03
</screen> </screen>
<para> <para>
Second, turn on <literal>sepgsql_regression_test_mode</>. Third, turn on <literal>sepgsql_regression_test_mode</>.
We don't enable all the rules in the <filename>sepgsql-regtest.pp</> We don't enable all the rules in the <filename>sepgsql-regtest.pp</>
by default, for your system's safety. by default, for your system's safety.
The <literal>sepgsql_regression_test_mode</literal> parameter is associated The <literal>sepgsql_regression_test_mode</literal> parameter is associated