Re: sepgsql logging

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Dave Page <dpage@pgadmin.org>
Cc: Andrew Dunstan <andrew@dunslane.net>, Jacob Champion <pchampion@vmware.com>, "robertmhaas@gmail.com" <robertmhaas@gmail.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-01-12T19:24:09Z
Lists: pgsql-hackers
Dave Page <dpage@pgadmin.org> writes:
> On Tue, Jan 11, 2022 at 5:55 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> So it looks like their plan is to unconditionally write "permissive=0"
>> or "permissive=1", while Dave's patch just prints nothing in enforcing
>> mode.  While I can see some virtue in brevity, I think that doing
>> exactly what SELinux does is probably a better choice.  For one thing,
>> it'd remove doubt about whether one is looking at a log from a sepgsql
>> version that logs this or one that doesn't.

> Here's an update that adds the "permissive=0" case.

You forgot to update the expected-results files :-(.
Done and pushed.

			regards, tom lane



Commits

  1. Include permissive/enforcing state in sepgsql log messages.