Re: sepgsql seems rather thoroughly broken on Fedora 30

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Mike Palmiotto <mike.palmiotto@crunchydata.com>
Cc: pgsql-hackers@lists.postgresql.org, Joe Conway <mail@joeconway.com>
Date: 2019-07-19T03:06:31Z
Lists: pgsql-hackers
Mike Palmiotto <mike.palmiotto@crunchydata.com> writes:
> On Wed, Jul 17, 2019 at 12:32 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> $ runcon -t sepgsql_regtest_user_t psql --help
>> psql: fatal: could not look up effective user ID 1000: user does not exist

> I wonder what your password file is labeled. It ought to be:
> % ls -Z /etc/passwd
> system_u:object_r:passwd_file_t:s0 /etc/passwd

Good thought, but no cigar:

$ ls -Z /etc/passwd
system_u:object_r:passwd_file_t:s0 /etc/passwd

Happy to poke at anything else you can suggest.

			regards, tom lane



Commits

  1. Fix contrib/sepgsql test policy to work with latest SELinux releases.