#!/bin/sh
#
# A wrapper script to launch psql command in regression test
#
# Copyright (c) 2010-2012, PostgreSQL Global Development Group
#
# -------------------------------------------------------------------------

if [ $# -lt 1 ]; then
    echo "usage: `basename $0` <command> [options...]"
    exit 1
fi

# runcon(1) runs a command under an explicit SELinux security context;
# without it the per-block context switching below cannot work.
RUNCON=`command -v runcon`
if [ ! -e "$RUNCON" ]; then
    echo "runcon command is not found"
    exit 1
fi

#
# Read SQL from stdin
#
# Lines are buffered into TEMP until a "-- @SECURITY-CONTEXT=<ctx>" marker
# is seen; the buffered block is then executed under the current context
# and the marker's context becomes the one for the following block.
# Before the first marker the block runs as the regression-test superuser.
#
TEMP=`mktemp`
CONTEXT="unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0-s0:c0.c255"

# IFS= and -r keep each SQL line intact (leading whitespace and backslashes
# would otherwise be mangled by read); printf avoids echo's escape handling.
while IFS= read -r LINE
do
    if printf '%s\n' "$LINE" | grep -q "^-- @SECURITY-CONTEXT="; then
        if [ -s "$TEMP" ]; then
            if [ -n "$CONTEXT" ]; then
                "$RUNCON" "$CONTEXT" "$@" < "$TEMP"
            else
                "$@" < "$TEMP"
            fi
            truncate -s0 "$TEMP"
        fi
        CONTEXT=`printf '%s\n' "$LINE" | sed 's/^-- @SECURITY-CONTEXT=//g'`
        # The marker line itself is replaced by a probe, so the expected
        # output records which context the following statements ran under.
        LINE="SELECT sepgsql_getcon(); -- confirm client privilege"
    fi
    printf '%s\n' "$LINE" >> "$TEMP"
done

# flush the last block
if [ -s "$TEMP" ]; then
    if [ -n "$CONTEXT" ]; then
        "$RUNCON" "$CONTEXT" "$@" < "$TEMP"
    else
        "$@" < "$TEMP"
    fi
fi

# cleanup temp file
rm -f "$TEMP"

The CONTEXT line was last changed by the commit below (2015-09-22 17:58:38 -04:00); the rest of the script dates from 2011-01-23 20:44:48 -05:00, with the copyright line updated 2012-01-01 18:01:58 -05:00.

Fix sepgsql regression tests (9.2-only patch).

The regression tests for sepgsql were broken by changes in the
base distro as-shipped policies. Specifically, definition of
unconfined_t in the system default policy was changed to bypass
multi-category rules, which the regression test depended on.
Fix that by defining a custom privileged domain
(sepgsql_regtest_superuser_t) and using it instead of system's
unconfined_t domain. The new sepgsql_regtest_superuser_t domain
performs almost like the current unconfined_t, but restricted by
multi-category policy as the traditional unconfined_t was.

The custom policy module is a self-defined domain, and so should not
be affected by related future system policy changes. However, it still
uses the unconfined_u:unconfined_r pair for selinux-user and role.
Those definitions have not been changed for several years and seem
less risky to rely on than the unconfined_t domain. Additionally, if
we define custom user/role, they would need to be manually defined
at the operating system level, adding more complexity to an already
non-standard and complex regression test.

Applies only to 9.2. Unlike the previous similar patch, commit 794e2558b,
this also fixes a bug related to processing SELECT INTO statement.
Because v9.2 didn't have ObjectAccessPostCreate to inform the context
when a relation is newly created, sepgsql had an alternative method.
However, related code in sepgsql_object_access() neglected to consider
T_CreateTableAsStmt, thus no label was assigned on the new relation.
This logic was removed and replaced starting in 9.3.

Patch by Kohei KaiGai.
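A dry run of the launcher's block-splitting logic, added here as an example and not part of the PostgreSQL script: instead of invoking runcon, each block is reported as "context|line count" so the grouping (and the probe line the launcher inserts) can be checked on a host without SELinux. The SQL input and the sepgsql_regtest_user_t / sepgsql_regtest_dba_t labels are constructed for the example; only sepgsql_regtest_superuser_t comes from the script.

```shell
#!/bin/sh
# Constructed SQL input with two context markers (not a real sepgsql test).
SAMPLE_SQL='CREATE TABLE t1 (a int);
-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:sepgsql_regtest_user_t:s0
SELECT * FROM t1;
INSERT INTO t1 VALUES (1);
-- @SECURITY-CONTEXT=unconfined_u:unconfined_r:sepgsql_regtest_dba_t:s0-s0:c0.c255
DROP TABLE t1;'

# plan_blocks: read SQL on stdin and print one "context|nlines" line per
# block, mirroring how the launcher would hand each block to runcon.
plan_blocks() {
    # same default as the launcher: the regression-test superuser domain
    context="unconfined_u:unconfined_r:sepgsql_regtest_superuser_t:s0-s0:c0.c255"
    n=0
    # IFS= and -r keep leading whitespace and backslashes intact
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "-- @SECURITY-CONTEXT="*)
                if [ "$n" -gt 0 ]; then
                    printf '%s|%s\n' "$context" "$n"
                    n=0
                fi
                context=${line#"-- @SECURITY-CONTEXT="}
                # the launcher replaces the marker with a getcon probe,
                # which therefore counts as a line of the new block
                line="SELECT sepgsql_getcon(); -- confirm client privilege"
                ;;
        esac
        n=$((n + 1))
    done
    if [ "$n" -gt 0 ]; then
        printf '%s|%s\n' "$context" "$n"
    fi
}

# plan_sample: run the planner over the constructed input above.
plan_sample() {
    printf '%s\n' "$SAMPLE_SQL" | plan_blocks
}

plan_sample
```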