Re: sepgsql seems rather thoroughly broken on Fedora 30

Mike Palmiotto <mike.palmiotto@crunchydata.com> writes:
> On Fri, Jul 19, 2019 at 4:29 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> I can confirm that the 0001 patch fixes things on my Fedora 30 box.
>> So that's good, though I don't know enough to evaluate it for style
>> or anything like that.

> I think the policy is in need of review/rewriting anyway. The proper
> thing to do would be to create a common template for all of the
> SELinux regtest user domains and create more of a hierarchical policy
> to reduce redundancy. If you want to wait for more formal policy
> updates, I can do that in my spare time. Otherwise, the patch I posted
> should work with the general style of this policy module.

Hearing no further comments, I went ahead and pushed 0001 (after
checking that it works on F28, which is the oldest Fedora version
I have at hand right now).  Stylistic improvements to the script
are fine, but let's get the bug fixed for now.

BTW, I noticed that the documentation about how to run the tests
is a bit stale as well --- for instance, it says to use

    $ sudo semodule -u sepgsql-regtest.pp

but that slaps your wrist:

    The --upgrade option is deprecated. Use --install instead.

So if anyone does feel like polishing things in this area, some doc
review seems indicated.

            regards, tom lane