@@ -9,6 +9,33 @@ PG_DATADIR="$2"
99
1010echo
1111echo " ============== checking selinux environment =============="
12+ #
13+ # Test.0 - necessary commands for environment checks
14+ #
15+ echo -n" test installed commands ..."
16+ if ! which --help>& /dev/null; then
17+ echo " failed"
18+ echo
19+ echo " 'which' command was not found, executable or installed."
20+ echo " Please make sure your PATH, or install this command at first."
21+ echo
22+ echo " If yum is available on your system, it will suggest packages"
23+ echo " to be installed:"
24+ echo " # yum provides which"
25+ exit 1
26+ fi
27+ if ! matchpathcon -n />& /dev/null; then
28+ echo " failed"
29+ echo
30+ echo " 'matchpathcon' command was not found, executable or installed."
31+ echo " Please make sure your PATH, or install this command at first."
32+ echo
33+ echo " If yum is available on your system, it will suggest packages"
34+ echo " to be installed:"
35+ echo " # yum provides which"
36+ exit 1
37+ fi
38+ echo " ok"
1239
1340#
1441# Test.1 - must be launched at unconfined_t domain
164191echo " ok"
165192
166193#
167- # Test.8 - 'psql' command must belabeled as 'bin_t' type
194+ # Test.8 - 'psql' command must beexecutable by test domain
168195#
169- echo -n" testlabel of psql"
196+ echo -n" testexecution of psql ..."
170197
171198CMD_PSQL=" ${PG_BINDIR} /psql"
172- LABEL_PSQL= ` stat -c ' %C ' ${CMD_PSQL} | sed ' s/:/ /g ' | awk ' {print $3} ' `
173- if [" ${LABEL_PSQL} " != " bin_t " ; then
199+ ${CMD_RUNCON} -t sepgsql_regtest_user_t ${CMD_PSQL} --help >& /dev/null
200+ if [$? -ne 0 ]; then
174201echo " failed"
175202echo
176- echo " The${CMD_PSQL} must be labeled as bin_t type."
177- echo " You can assign right label using restorecon, as follows:"
203+ echo " The${CMD_PSQL} must be executable by sepgsql_regtest_user_t"
204+ echo " domain. It has restricted privileges compared to unconfined_t,"
205+ echo " so you should ensure whether this command is labeled correctly."
178206echo
179207echo " \$ su - (not needed, if you owns installation directory)"
180- echo " # restorecon -R${PG_BINDIR} "
181- echo
182- echo " Or, using chcon"
183- echo
184- echo " # chcon -t bin_t${CMD_PSQL} "
208+ EXPECT_PSQL=` matchpathcon -n${CMD_PSQL} | sed' s/:/ /g' | awk' {print $3}' `
209+ if [" ${EXPECT_PSQL} " = " user_home_t" ; then
210+ # # Case of installation on /home directory
211+ echo " # restorecon -R${PG_BINDIR} "
212+ echo
213+ echo " Or, using chcon"
214+ echo
215+ echo " # chcon -t user_home_t${CMD_PSQL} "
216+ else
217+ echo " \$ su - (not needed, if you own the installation directory)"
218+ echo " # restorecon -R${PG_BINDIR} "
219+ echo
220+ echo " Or, using chcon"
221+ echo
222+ echo " # chcon -t bin_t${CMD_PSQL} "
223+ fi
185224echo
186225exit 1
187226fi