Thread

  1. Re: [v9.1] sepgsql - userspace access vector cache

    Kohei Kaigai <kohei.kaigai@emea.nec.com> — 2011-07-19T10:10:15Z

    > >> /etc/selinux/targeted/contexts/sepgsql_contexts:  line 33 has invalid object
    > >> type db_blobs
    > > It is not an error, but just a notification to inform users that
    > > sepgsql_contexts
    > > file contains invalid lines. It is harmless, so we can ignore them.
    > > I don't think sepgsql.sgml should mention about this noise, because it purely
    > > come from the problem in libselinux and refpolicy; these are external packages
    > > from viewpoint of PostgreSQL.
    > This is in contradiction with the current phrase in the documentation
    > that's right after the sepgsql.sql loading: "If the installation process
    > completes without error, you can now start the server normally". IMHO if
    > there are warnings that can be ignored, it would limit confusion for
    > sepgsql users if the documentation would say it at this point, e.g. "If
    > the installation process completes without error, you can now start the
    > server normally. Warnings from errors in sepgsql_contexts, a file
    > external to PostgreSQL, are harmless and can be ignored."
    > 
    Indeed, it might be confusable to understand whether the installation got
    completed correctly, or not.
    So, I appended more descriptions about this messages, as follows:
    
    +  <para>
    +   Please note that you may see the following notifications depending on
    +   the combination of a particular version of <productname>libselinux</>
    +   and <productname>selinux-policy</>.
    +<screen>
    +/etc/selinux/targeted/contexts/sepgsql_contexts:  line 33 has invalid object ty
    +</screen>
    +   It is harmless messages and already fixed. So, you can ignore these
    +   messages or update related packages to the latest version.
    +  </para>
    
    See the attached patch, that contains other 3 documentation updates.
    
    > Thank you for this clarification. I have some ideas of things that if
    > they were in the documentation they'd helped me. Instead of seeking
    > agreement on each item, I propose that I gather documentation additions
    > in a patch later after the review, and leave it up to you guys whether
    > to include them or not.
    > 
    OK, I like to check them. In addition, I'll also revise the wikipage in
    parallel to inform correctly.
    
    Thanks,
    --
    NEC Europe Ltd, SAP Global Competence Center
    KaiGai Kohei <kohei.kaigai@emea.nec.com>