Greetings, * Tom Lane (t...@sss.pgh.pa.us) wrote: > Yuli Khodorkovskiy <yuli.khodorkovs...@crunchydata.com> writes: > > Ah, now I remember why I didn't add regressions to the original patch. > > As stated at the top of the thread, the "db_table: { truncate }" > > permission does not currently exist in refpolicy. A workaround would > > be to add the policy with CIL, but that adds unneeded complexity to > > the regressions. I think the correct path forward is: > > > 1) Get the sepgsql changes in without policy/regressions > > 2) Send a patch to refpolicy for the new permission > > 3) Once Redhat updates the selinux-policy-targeted RPM to include the > > new permissions, I will send an update to the sepgsql regressions and > > policy. > > That's going to be a problem. I do not think it will be acceptable > to commit tests that fail on less-than-bleeding-edge SELinux.
This is why I was suggesting up-thread that it'd be neat if we made this somehow optional, though I don't quite see a way to do that sensibly. We could though, of course, make running the regression test optional and then have a buildfarm member that's got the bleeding-edge SELinux (or is just configured with the additional control) and then have it enabled there. Thanks, Stephen
signature.asc
Description: PGP signature