| From: | Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | PgHacker <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [sepgsql 2/3] Add db_schema:search permission checks |
| Date: | 2013-04-12 18:48:43 |
| Message-ID: | CADyhKSUsvc6orap1SxmHphTPN00Hz-zNH4toqh6dkySgqL6mHw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>> A problem regarding to validation of sepgsql-regtest policy module
>> is originated by semodule commands that takes root privilege to
>> list up installed policy modules. So, I avoided to use this command
>> in the test_sepgsql script.
>> However, I have an idea that does not raise script fail even if "sudo
>> semodule -l" returned an error, except for a case when it can run
>> correctly and the policy version is not expected one.
>> How about your opinion for this check?
>
> Not sure that's too useful. And I don't like the idea of putting sudo
> commands in a test harness script. That seems too much like the sort
> of thing bad people do.
>
OK, I also doubt whether my idea make sense.
The attached patch omitted the portion to check the version of
sepgsql-regtest, and add some notice in the document instead.
Also, it moves current directory to the contrib/sepgsql on top of
the script, to avoid the problem when we run test_sepgsql
on the directory except for contring/sepgsql.
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
| Attachment | Content-Type | Size |
|---|---|---|
| sepgsql-v9.3-test-script-fixup.v2.patch | application/octet-stream | 1.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2013-04-12 18:49:28 | Re: Detach/attach table and index data files from one cluster to another |
| Previous Message | Kohei KaiGai | 2013-04-12 18:44:47 | Re: [sepgsql 2/3] Add db_schema:search permission checks |