[Bug 249522] Review Request: sepostgresql - Security-Enhanced PostgreSQL
bugzilla at redhat.com
Fri Aug 10 06:44:38 UTC 2007
Summary: Review Request: sepostgresql - Security-Enhanced PostgreSQL
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249522
------- Additional Comments From kaigai at kaigai.gr.jp 2007-08-10 02:44 EST -------
Created an attachment (id=161040)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=161040&action=view)
init script of sepostgresql-8.2.4-0.418.beta.fc8
Here is the new version of SE-PostgreSQL:
SpecURL: http://sepgsql.googlecode.com/files/sepostgresql.spec
SrpmURL: http://sepgsql.googlecode.com/files/sepostgresql-8.2.4-0.418.beta.fc8.src.rpm
(In reply to comment #24)
> Well, actually unless bug 250494 is resolved, it seems that
> I cannot go further on this review request??
Yes, it depends on selinux-package with object classes definition for
SE-PostgreSQL, so it has to be resolved.
Fortunately, these new object classes were merged into the upstream reference
policy yesterday.
I think it will be integrated within the selinux-policy package soon.
http://marc.info/?l=selinux&m=118666527208126&w=2
The new version of SE-PostgreSQL contains some modifications of the init
script.
> However for initscripts:
> * lock file and pid file
> - Usually when daemon is running, there should be two files
> - /var/run/<daemon name>.pid - contains the info of the pid
> number
> - /var/lock/subsys/<daemon name>
I added code to create the lock file and pid file on startup, and to remove them
on shutdown. rpmlint became silent.
I use "/var/lock/subsys/${NAME}.lock" as the pathname of the lock file.
This is the same manner as postgresql's, but rpmlint gave warnings.
Should it be replaced by an immediate value?
> * status
> - and what does "service sepostgresql status" return?
> Usually the format is:
> ----------------------------------------------------
> [root at localhost ~]# LANG=C service xfs status
> xfs (pid 2343) is running...
> ----------------------------------------------------
It displays the following message.
------------------------------------------
[root at masu ~]# service sepostgresql status
sepostgresql: server is running (PID: 11726)
[root at masu ~]# service sepostgresql stop
Stopping sepostgresql service: [ OK ]
[root at masu ~]# service sepostgresql status
sepostgresql: no server running
[root at masu ~]# echo $?
3
[root at masu ~]#
------------------------------------------
In addition, I updated the path of the commands run by /sbin/runuser as
follows:
| cd ${SEPGSQL_BIN}
| /sbin/runuser sepgsql -- -c "./pg_ctl -D ${SEPGSQL_DATA} status"
When /sbin/runuser is run with a CWD that sepgsql cannot access, typically /root, a
noisy warning message will be generated.
"cd ${SEPGSQL_BIN}" ensures that sepgsql is placed in a CWD accessible to it.
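
Added example, not part of the comment above and not taken from the sepostgresql init script: a status check that combines the pid file and lock file discussed in this review and returns the LSB init-script status codes (0 running, 1 dead but pid file exists, 2 dead but lock file exists, 3 not running). The function name lsb_status and its three arguments are hypothetical, and the messages follow the format quoted in the review.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the sepostgresql package).
# usage: lsb_status NAME PIDFILE LOCKFILE
# Exit codes follow the LSB "status" convention:
#   0 running, 1 dead but pid file exists,
#   2 dead but lock file exists, 3 not running.
lsb_status() {
    name=$1 pidfile=$2 lockfile=$3 pid=

    if [ -r "$pidfile" ]; then
        # First line only; tolerate a missing trailing newline.
        read -r pid < "$pidfile" || :
        case $pid in
            ''|*[!0-9]*) pid= ;;    # empty or non-numeric: treat as stale
        esac
        # PID 0 would make kill address the caller's own process group,
        # so require a positive number before probing the process.
        # (Init scripts run as root, so kill -0 is not blocked by EPERM.)
        if [ -n "$pid" ] && [ "$pid" -gt 0 ] 2>/dev/null &&
           kill -0 "$pid" 2>/dev/null; then
            echo "$name (pid $pid) is running..."
            return 0
        fi
        echo "$name dead but pid file exists"
        return 1
    fi
    if [ -e "$lockfile" ]; then
        echo "$name dead but subsys locked"
        return 2
    fi
    echo "$name is stopped"
    return 3
}
```

A stale pid file or lock file left behind by a crash is reported as 1 or 2 rather than as "running", which is the case a plain file-existence test gets wrong.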