Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
Summary: Review Request: sepostgresql - Security-Enhanced PostgreSQL
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249522
------- Additional Comments From kaigai@kaigai.gr.jp 2007-08-10 02:44 EST ------- Created an attachment (id=161040) --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=161040&action=vie...) init script of sepostgresql-8.2.4-0.418.beta.fc8
Here is the new version of SE-PostgreSQL SpecURL: http://sepgsql.googlecode.com/files/sepostgresql.spec SrpmURL: http://sepgsql.googlecode.com/files/sepostgresql-8.2.4-0.418.beta.fc8.src.rp...
(In reply to comment #24)
Well, actually unless bug 250494 is resolved, it seems that I cannot go further on this review request??
Yes, it depends on selinux-package with object classes definition for SE-PostgreSQL, so it has to be resolved. Fortunatelly, these new object classes are merged into the upstreamed reference policy yesterday. I think it will be integrated within the selinux-policy package soon. http://marc.info/?l=selinux&m=118666527208126&w=2
The new version of SE-PostgreSQL contains some modifications of the init script.
However for initscripts:
- lock file and pid file
- Usually when daemon is running, there should be two files
- /var/run/<daemon name>.pid - contains the info of the pid number
- /var/lock/subsys/<daemon name>
I added a code to create lock file and pid file on startup, and to remove them on shutdown. rpmlint got a silent.
I uses "/var/lock/subsys/${NAME}.lock" as a pathname of the lock file. It is same manner with postgresql's one, but rpmlint made warnings. Should it be replaced by an immediate value?
- status
- and what does "service sepostgresql status" return? Usually the format is:
[root@localhost ~]# LANG=C service xfs status xfs (pid 2343) is running...
It displays the following message. ------------------------------------------ [root@masu ~]# service sepostgresql status sepostgresql: server is running (PID: 11726) [root@masu ~]# service sepostgresql stop Stopping sepostgresql service: [ OK ] [root@masu ~]# service sepostgresql status sepostgresql: no server running [root@masu ~]# echo $? 3 [root@masu ~]# ------------------------------------------
In addition, I updated the path of the commands run by /sbin/runuser as follows: | cd ${SEPGSQL_BIN} | /sbin/runuser sepgsql -- -c "./pg_ctl -D ${SEPGSQL_DATA} status"
When /sbin/runuser is run with CWD sepgsql cannot access, typically /root, a noisy warnning message will be generated. "cd ${SEPGSQL_BIN}" ensure that sepgsql can be placed on his accesable CWD.