2011/8/18 Robert Haas <robertmh...@gmail.com>: > On Thu, Aug 18, 2011 at 1:17 PM, Kohei Kaigai <kohei.kai...@emea.nec.com> > wrote: >>> That's lame. I think we need to patch contrib/sepgsql so that it >>> fails to build in that case, rather than building and then not >>> working. >>> >> It might be the following fix, but I have no idea to generate an error when >> $(with_selinux) != "yes" on makefile. > > Actually, as I look at this more, I think this build system is > completely mis-designed. Given that you want to build sepgsql, > selinux is not an optional feature. So the stuff in > contrib/sepgsql/Makefile that is intended to link against libselinux > only if --with-selinux was specified at configure time is nonsense. > We should just ALWAYS try to link against libselinux, and if it's not > there, then at least it'll fail right away at compile time instead of > appearing to compile OK but producing an so that then fails to load at > runtime. > > The only actual legitimate purpose of --with-selinux is to allow > contrib/Makefile to decide whether, when someone tries to build "all > the contrib modules", we should try to build sepgsql too. > I agree.
So, it seems to me we also need to revise configure script, not only Makefile of sepgsql. On configure script, we may need to check availability of libselinux on the build system, independent from --with-selinux. But it should not raise an error even if appropriate libselinux was not available; except for the case when --with-selinux was explicitly given. It just set flags of HAVE_SELINUX, instead. I injected #error condition in sepgsql.h that shall be fired if user tries to build contrib/sepgsql module without libselinux. And, Makefile was revised to link libselinux always. How about this design? Thanks, -- KaiGai Kohei <kai...@kaigai.gr.jp>
configure.in | 9 +++++---- contrib/sepgsql/Makefile | 2 +- contrib/sepgsql/sepgsql.h | 3 +++ 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/configure.in b/configure.in index a844afc..cf95a7c 100644 --- a/configure.in +++ b/configure.in @@ -963,10 +963,11 @@ if test "$with_libxslt" = yes ; then fi # for contrib/sepgsql -if test "$with_selinux" = yes; then - AC_CHECK_LIB(selinux, selinux_sepgsql_context_path, [], - [AC_MSG_ERROR([library 'libselinux', version 2.0.93 or newer, is required for SELinux support])]) -fi +AC_CHECK_LIB(selinux, selinux_sepgsql_context_path, + [AC_DEFINE(HAVE_LIBSELINUX)], + [if test "$with_selinux" = yes; then + AC_MSG_ERROR([library 'libselinux', version 2.0.93 or newer, is required for SELinux support]) + fi]) # for contrib/uuid-ossp if test "$with_ossp_uuid" = yes ; then diff --git a/contrib/sepgsql/Makefile b/contrib/sepgsql/Makefile index 7f997ee..1978ccf 100644 --- a/contrib/sepgsql/Makefile +++ b/contrib/sepgsql/Makefile @@ -19,7 +19,7 @@ include $(top_builddir)/src/Makefile.global include $(top_srcdir)/contrib/contrib-global.mk endif -SHLIB_LINK += $(filter -lselinux, $(LIBS)) +SHLIB_LINK += -lselinux REGRESS_OPTS += --launcher $(top_builddir)/contrib/sepgsql/launcher check_selinux_environment: diff --git a/contrib/sepgsql/sepgsql.h b/contrib/sepgsql/sepgsql.h index 71688ab..455b638 100644 --- a/contrib/sepgsql/sepgsql.h +++ b/contrib/sepgsql/sepgsql.h @@ -15,6 +15,9 @@ #include "fmgr.h" #include <selinux/selinux.h> +#ifndef HAVE_LIBSELINUX +#error libselinux is required for SELinux support +#endif /* * SE-PostgreSQL Label Tag
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers