Re: [v9.1] sepgsql - userspace access vector cache
Kohei KaiGai <kaigai@kaigai.gr.jp>
From: Kohei KaiGai <kaigai@kaigai.gr.jp>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Kohei Kaigai <Kohei.Kaigai@emea.nec.com>, Yeb Havinga <yebhavinga@gmail.com>, PgHacker <pgsql-hackers@postgresql.org>
Date: 2011-08-19T09:44:42Z
Lists: pgsql-hackers
Attachments
- pgsql-fix-sepgsql-build.patch (text/x-patch)
2011/8/18 Robert Haas <robertmhaas@gmail.com>: > On Thu, Aug 18, 2011 at 1:17 PM, Kohei Kaigai <Kohei.Kaigai@emea.nec.com> wrote: >>> That's lame. I think we need to patch contrib/sepgsql so that it >>> fails to build in that case, rather than building and then not >>> working. >>> >> It might be the following fix, but I have no idea to generate an error when $(with_selinux) != "yes" on makefile. > > Actually, as I look at this more, I think this build system is > completely mis-designed. Given that you want to build sepgsql, > selinux is not an optional feature. So the stuff in > contrib/sepgsql/Makefile that is intended to link against libselinux > only if --with-selinux was specified at configure time is nonsense. > We should just ALWAYS try to link against libselinux, and if it's not > there, then at least it'll fail right away at compile time instead of > appearing to compile OK but producing an so that then fails to load at > runtime. > > The only actual legitimate purpose of --with-selinux is to allow > contrib/Makefile to decide whether, when someone tries to build "all > the contrib modules", we should try to build sepgsql too. > I agree. So, it seems to me we also need to revise configure script, not only Makefile of sepgsql. On configure script, we may need to check availability of libselinux on the build system, independent from --with-selinux. But it should not raise an error even if appropriate libselinux was not available; except for the case when --with-selinux was explicitly given. It just set flags of HAVE_SELINUX, instead. I injected #error condition in sepgsql.h that shall be fired if user tries to build contrib/sepgsql module without libselinux. And, Makefile was revised to link libselinux always. How about this design? Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>