Improve sepgsql and SECURITY LABEL documentation.

KaiGai Kohei, based on feedback from Yeb Havinga, with some corrections by me.
2024-12-21 08:29:39 +08:00 · 2011-07-20 09:22:57 -04:00 · 2011-07-20 09:22:57 -04:00 · d79a601fd9
commit d79a601fd9
parent 550cd074f9
2 changed files with 32 additions and 4 deletions
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@ -203,4 +203,12 @@ SECURITY LABEL FOR selinux ON TABLE mytable IS 'system_u:object_r:sepgsql_table_
   There is no <command>SECURITY LABEL</command> command in the SQL standard.
  </para>
 </refsect1>
+
+ <refsect1>
+  <title>See Also</title>
+  <simplelist type="inline">
+   <member><xref linkend="sepgsql"></member>
+   <member><xref linkend="dummy-seclabel"></member>
+  </simplelist>
+ </refsect1>
 </refentry>
--- a/doc/src/sgml/sepgsql.sgml
+++ b/doc/src/sgml/sepgsql.sgml
@ -96,11 +96,13 @@ Policy from config file:        targeted

  <para>
   The following instructions that assume your installation is under the
-   <filename>/usr/local/pgsql</> directory. Adjust the paths shown below as
-   appropriate for your installation.
+   <filename>/usr/local/pgsql</> directory and the database cluster is
+   under the <filename>/path/to/database</> directory. Adjust the paths
+   shown below as appropriate for your installation.
  </para>

 <screen>
+$ export PGDATA=/path/to/database
 $ initdb
 $ vi $PGDATA/postgresql.conf
 $ for DBNAME in template0 template1 postgres; do
@ -113,6 +115,16 @@ $ for DBNAME in template0 template1 postgres; do
   If the installation process completes without error, you can now start the
   server normally.
  </para>
+
+  <para>
+   Please note that you may see the following notifications depending on
+   the combination of a particular version of <productname>libselinux</>
+   and <productname>selinux-policy</>.
+<screen>
+/etc/selinux/targeted/contexts/sepgsql_contexts:  line 33 has invalid object type db_blobs
+</screen>
+   This message is harmless and may be safely ignored.
+  </para>
 </sect2>

 <sect2 id="sepgsql-regression">
@ -124,7 +136,15 @@ $ for DBNAME in template0 template1 postgres; do
  </para>

  <para>
-   First, build and install the policy package for the regression test.
+   First, set up <productname>sepgsql</productname> according to
+   the <xref linkend="sepgsql-installation">.  The regression test is
+   intended to be run on a system with a working SE-Linux implementation.
+   The current operating system user must be able to connect to the database
+   as superuser without authentication.
+  </para>
+
+  <para>
+   Second, build and install the policy package for the regression test.
   The <filename>sepgsql-regtest.pp</> is a special purpose policy package
   which provides a set of rules to be allowed during the regression tests.
   It should be built from the policy source file 
@ -149,7 +169,7 @@ sepgsql-regtest 1.03
 </screen>

  <para>
-   Second, turn on <literal>sepgsql_regression_test_mode</>.
+   Third, turn on <literal>sepgsql_regression_test_mode</>.
   We don't enable all the rules in the <filename>sepgsql-regtest.pp</>
   by default, for your system's safety.
   The <literal>sepgsql_regression_test_mode</literal> parameter is associated