Improve sepgsql and SECURITY LABEL documentation.

KaiGai Kohei, based on feedback from Yeb Havinga, with some corrections by me.

Improve sepgsql and SECURITY LABEL documentation.
KaiGai Kohei, based on feedback from Yeb Havinga, with some corrections by me.
d79a601f · Robert Haas · 550cd074 · d79a601f · d79a601f
Commit d79a601f authored Jul 20, 2011 by Robert Haas
Show whitespace changes
Inline Side-by-side

Showing with 32 additions and 4 deletions

doc/src/sgml/ref/security_label.sgml doc/src/sgml/ref/security_label.sgml +8 -0

doc/src/sgml/sepgsql.sgml doc/src/sgml/sepgsql.sgml +24 -4

No files found.
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@@ -203,4 +203,12 @@ SECURITY LABEL FOR selinux ON TABLE mytable IS 'system_u:object_r:sepgsql_table_
   There is no <command>SECURITY LABEL</command> command in the SQL standard.
  </para>
 </refsect1>
+ <refsect1>
+  <title>See Also</title>
+  <simplelist type="inline">
+   <member><xref linkend="sepgsql"></member>
+   <member><xref linkend="dummy-seclabel"></member>
+  </simplelist>
+ </refsect1>
 </refentry>
--- a/doc/src/sgml/sepgsql.sgml
+++ b/doc/src/sgml/sepgsql.sgml
@@ -96,11 +96,13 @@ Policy from config file:        targeted
  <para>
   The following instructions that assume your installation is under the
-   <filename>/usr/local/pgsql</> directory. Adjust the paths shown below as
+   <filename>/usr/local/pgsql</> directory and the database cluster is
-   appropriate for your installation.
+   under the <filename>/path/to/database</> directory. Adjust the paths
+   shown below as appropriate for your installation.
  </para>
 <screen>
+$ export PGDATA=/path/to/database
 $ initdb
 $ vi $PGDATA/postgresql.conf
 $ for DBNAME in template0 template1 postgres; do
@@ -113,6 +115,16 @@ $ for DBNAME in template0 template1 postgres; do
   If the installation process completes without error, you can now start the
   server normally.
  </para>
+  <para>
+   Please note that you may see the following notifications depending on
+   the combination of a particular version of <productname>libselinux</>
+   and <productname>selinux-policy</>.
+<screen>
+/etc/selinux/targeted/contexts/sepgsql_contexts:  line 33 has invalid object type db_blobs
+</screen>
+   This message is harmless and may be safely ignored.
+  </para>
 </sect2>
 <sect2 id="sepgsql-regression">
@@ -124,7 +136,15 @@ $ for DBNAME in template0 template1 postgres; do
  </para>
  <para>
-   First, build and install the policy package for the regression test.
+   First, set up <productname>sepgsql</productname> according to
+   the <xref linkend="sepgsql-installation">.  The regression test is
+   intended to be run on a system with a working SE-Linux implementation.
+   The current operating system user must be able to connect to the database
+   as superuser without authentication.
+  </para>
+  <para>
+   Second, build and install the policy package for the regression test.
   The <filename>sepgsql-regtest.pp</> is a special purpose policy package
   which provides a set of rules to be allowed during the regression tests.
   It should be built from the policy source file 
@@ -149,7 +169,7 @@ sepgsql-regtest 1.03
 </screen>
  <para>
-   Second, turn on <literal>sepgsql_regression_test_mode</>.
+   Third, turn on <literal>sepgsql_regression_test_mode</>.
   We don't enable all the rules in the <filename>sepgsql-regtest.pp</>
   by default, for your system's safety.
   The <literal>sepgsql_regression_test_mode</literal> parameter is associated