Add SECURITY LABEL provider to acceptance test postgres db.
jbunting committed Oct 18, 2023
1 parent a961e75 commit 4e5b85b
Showing 6 changed files with 95 additions and 1 deletion.
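--- a/tests/build/Dockerfile
+++ b/tests/build/Dockerfile
@@ -0,0 +1,6 @@
+FROM postgres:${PGVERSION:-latest}
+
+RUN apt-get update && apt-get install -y build-essential postgresql-server-dev-all
+COPY dummy_seclabel /opt/dummy_seclabel
+WORKDIR /opt/dummy_seclabel
+RUN make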
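Review bot: `FROM postgres:${PGVERSION:-latest}` has no `ARG PGVERSION` declared before it, so the variable is never set inside the build and the base image always resolves to `postgres:latest`; the `build: build` entry in tests/docker-compose.yml passes no build args either. The acceptance tests would therefore stop honouring PGVERSION and silently run against a floating tag, and `postgresql-server-dev-all` may then compile the module against headers that do not match the server. Declare `ARG PGVERSION=latest` above the `FROM`, change it to `FROM postgres:${PGVERSION}`, and pass `args: {PGVERSION: "${PGVERSION:-latest}"}` under `build:` in the compose file.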
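--- a/tests/build/dummy_seclabel/Makefile
+++ b/tests/build/dummy_seclabel/Makefile
@@ -0,0 +1,13 @@
+# src/test/modules/dummy_seclabel/Makefile
+
+MODULES = dummy_seclabel
+PGFILEDESC = "dummy_seclabel - regression testing of the SECURITY LABEL statement"
+
+EXTENSION = dummy_seclabel
+DATA = dummy_seclabel--1.0.sql
+
+REGRESS = dummy_seclabel
+
+PG_CONFIG = pg_config
+PGXS := $(shell $(PG_CONFIG) --pgxs)
+include $(PGXS)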
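--- a/tests/build/dummy_seclabel/dummy_seclabel--1.0.sql
+++ b/tests/build/dummy_seclabel/dummy_seclabel--1.0.sql
@@ -0,0 +1,8 @@
+/* src/test/modules/dummy_seclabel/dummy_seclabel--1.0.sql */
+
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "CREATE EXTENSION dummy_seclabel" to load this file. \quit
+
+CREATE FUNCTION dummy_seclabel_dummy()
+RETURNS pg_catalog.void
+AS 'MODULE_PATHNAME' LANGUAGE C;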
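--- a/tests/build/dummy_seclabel/dummy_seclabel.c
+++ b/tests/build/dummy_seclabel/dummy_seclabel.c
@@ -0,0 +1,60 @@
+/*
+* dummy_seclabel.c
+*
+* Dummy security label provider.
+*
+* This module does not provide anything worthwhile from a security
+* perspective, but allows regression testing independent of platform-specific
+* features like SELinux.
+*
+* Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
+* Portions Copyright (c) 1994, Regents of the University of California
+*/
+#include "postgres.h"
+
+#include "commands/seclabel.h"
+#include "fmgr.h"
+#include "miscadmin.h"
+#include "utils/rel.h"
+
+PG_MODULE_MAGIC;
+
+PG_FUNCTION_INFO_V1(dummy_seclabel_dummy);
+
+static void
+dummy_object_relabel(const ObjectAddress *object, const char *seclabel)
+{
+if (seclabel == NULL ||
+strcmp(seclabel, "unclassified") == 0 ||
+strcmp(seclabel, "classified") == 0)
+return;
+
+if (strcmp(seclabel, "secret") == 0 ||
+strcmp(seclabel, "top secret") == 0)
+{
+if (!superuser())
+ereport(ERROR,
+(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+errmsg("only superuser can set '%s' label", seclabel)));
+return;
+}
+ereport(ERROR,
+(errcode(ERRCODE_INVALID_NAME),
+errmsg("'%s' is not a valid security label", seclabel)));
+}
+
+void
+_PG_init(void)
+{
+register_label_provider("dummy", dummy_object_relabel);
+}
+
+/*
+* This function is here just so that the extension is not completely empty
+* and the dynamic library is loaded when CREATE EXTENSION runs.
+*/
+Datum
+dummy_seclabel_dummy(PG_FUNCTION_ARGS)
+{
+PG_RETURN_VOID();
+}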
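--- a/tests/build/dummy_seclabel/dummy_seclabel.control
+++ b/tests/build/dummy_seclabel/dummy_seclabel.control
@@ -0,0 +1,4 @@
+comment = 'Test code for SECURITY LABEL feature'
+default_version = '1.0'
+module_pathname = '$libdir/dummy_seclabel'
+relocatable = true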
5 changes: 4 additions & 1 deletion tests/docker-compose.yml
Expand Up @@ -2,14 +2,17 @@ version: "3"

services:
postgres:
image: postgres:${PGVERSION:-latest}
build: build
# image: postgres:${PGVERSION:-latest}
user: postgres
command:
- "postgres"
- "-c"
- "wal_level=logical"
- "-c"
- "max_replication_slots=10"
- "-c"
- "shared_preload_libraries=/opt/dummy_seclabel/dummy_seclabel"
environment:
POSTGRES_PASSWORD: ${PGPASSWORD}
ports:
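Review bot: The new `shared_preload_libraries=/opt/dummy_seclabel/dummy_seclabel` argument carries no explanation, and the old `image:` line is left behind as a commented-out remnant next to `build: build`. Since dummy_seclabel.c itself states that the provider offers nothing worthwhile from a security perspective, a comment above the argument such as `# test-only: registers the "dummy" SECURITY LABEL provider via _PG_init; it enforces nothing, never preload outside tests` would keep this stanza from being copied into a real deployment. Replace `# image: postgres:${PGVERSION:-latest}` with a short comment saying the image is now built from tests/build, or delete it. The services mapping continues outside the hunk.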