Dave Page writes:
> On Tue, Jan 11, 2022 at 5:55 PM Tom Lane wrote:
>> So it looks like their plan is to unconditionally write "permissive=0"
>> or "permissive=1", while Dave's patch just prints nothing in enforcing
>> mode. While I can see some virtue in brevity, I think that doing
>> exactly w
On Tue, Jan 11, 2022 at 5:55 PM Tom Lane wrote:
> Andrew Dunstan writes:
> > I am not that person either. I agree this looks reasonable, but I also
> > would like the opinion of an expert, if we have one.
>
> I'm not sure we do anymore. Anyway, I tried this on Fedora 35 and
> confirmed that it
Andrew Dunstan writes:
> I am not that person either. I agree this looks reasonable, but I also
> would like the opinion of an expert, if we have one.
I'm not sure we do anymore. Anyway, I tried this on Fedora 35 and
confirmed that it compiles and the (very tedious) test process
described in the
On 1/11/22 10:40, Dave Page wrote:
>
>
> On Wed, 2021-04-14 at 09:49 -0400, Robert Haas wrote:
> > Looks superficially reasonable on first glance, but I think we
> should
> > try to get an opinion from someone who knows more about SELinux.
>
> I am not that someone, but this l
Hi
On Tue, Jan 11, 2022 at 12:04 AM Jacob Champion
wrote:
> On Wed, Apr 14, 2021 at 8:42 AM Dave Page wrote:
> > Attached is a patch to clean this up. It will log denials as such
> > regardless of whether or not either selinux or sepgsql is in
> > permissive mode. When either is in permissive m
On Wed, Apr 14, 2021 at 8:42 AM Dave Page wrote:
> Attached is a patch to clean this up. It will log denials as such
> regardless of whether or not either selinux or sepgsql is in
> permissive mode. When either is in permissive mode, it'll add "
> permissive=1" to the end of the log messages. e.g.
On Wed, Apr 14, 2021 at 8:42 AM Dave Page wrote:
> Attached is a patch to clean this up. It will log denials as such regardless
> of whether or not either selinux or sepgsql is in permissive mode. When
> either is in permissive mode, it'll add " permissive=1" to the end of the log
> messages. e
Hi
On Thu, Apr 1, 2021 at 3:30 PM Dave Page wrote:
>
>
> On Thu, Apr 1, 2021 at 3:23 PM Tom Lane wrote:
>
>> Andrew Dunstan writes:
>> > On 4/1/21 8:32 AM, Dave Page wrote:
>> >> It seems to me that sepgsql should also log the denial, but flag that
>> >> permissive mode is on.
>>
>> > +1 for d
On Thu, Apr 1, 2021 at 3:23 PM Tom Lane wrote:
> Andrew Dunstan writes:
> > On 4/1/21 8:32 AM, Dave Page wrote:
> >> It seems to me that sepgsql should also log the denial, but flag that
> >> permissive mode is on.
>
> > +1 for doing what selinux does if possible.
>
> +1. If selinux itself is d
Andrew Dunstan writes:
> On 4/1/21 8:32 AM, Dave Page wrote:
>> It seems to me that sepgsql should also log the denial, but flag that
>> permissive mode is on.
> +1 for doing what selinux does if possible.
+1. If selinux itself is doing that, it's hard to see a reason why
we should not; and I c
On 4/1/21 8:32 AM, Dave Page wrote:
> Hi
>
> I've been trying to figure out selinux with sepgsql (which is proving
> quite difficult as there is an almost total lack of
> documentation/blogs etc. on the topic) and ran into an issue. Whilst
> my system had selinux in enforcing mode, I mistakenly h
Hi
I've been trying to figure out selinux with sepgsql (which is proving quite
difficult as there is an almost total lack of documentation/blogs etc. on
the topic) and ran into an issue. Whilst my system had selinux in enforcing
mode, I mistakenly had sepgsql in permissive mode. I created a table
12 matches
Mail list logo
