diff --git a/tests/build/Dockerfile b/tests/build/Dockerfile
new file mode 100644
index 00000000..e132f836
--- /dev/null
+++ b/tests/build/Dockerfile
@@ -0,0 +1,6 @@
+FROM postgres:${PGVERSION:-latest}
+
+RUN apt-get update && apt-get install -y build-essential postgresql-server-dev-all
+COPY dummy_seclabel /opt/dummy_seclabel
+WORKDIR /opt/dummy_seclabel
+RUN make
diff --git a/tests/build/dummy_seclabel/Makefile b/tests/build/dummy_seclabel/Makefile
new file mode 100644
index 00000000..3447a688
--- /dev/null
+++ b/tests/build/dummy_seclabel/Makefile
@@ -0,0 +1,13 @@
+# src/test/modules/dummy_seclabel/Makefile
+
+MODULES = dummy_seclabel
+PGFILEDESC = "dummy_seclabel - regression testing of the SECURITY LABEL statement"
+
+EXTENSION = dummy_seclabel
+DATA = dummy_seclabel--1.0.sql
+
+REGRESS = dummy_seclabel
+
+PG_CONFIG = pg_config
+PGXS := $(shell $(PG_CONFIG) --pgxs)
+include $(PGXS)
diff --git a/tests/build/dummy_seclabel/dummy_seclabel--1.0.sql b/tests/build/dummy_seclabel/dummy_seclabel--1.0.sql
new file mode 100644
index 00000000..5939e930
--- /dev/null
+++ b/tests/build/dummy_seclabel/dummy_seclabel--1.0.sql
@@ -0,0 +1,8 @@
+/* src/test/modules/dummy_seclabel/dummy_seclabel--1.0.sql */
+
+-- complain if script is sourced in psql, rather than via CREATE EXTENSION
+\echo Use "CREATE EXTENSION dummy_seclabel" to load this file. \quit
+
+CREATE FUNCTION dummy_seclabel_dummy()
+ RETURNS pg_catalog.void
+AS 'MODULE_PATHNAME' LANGUAGE C;
diff --git a/tests/build/dummy_seclabel/dummy_seclabel.c b/tests/build/dummy_seclabel/dummy_seclabel.c
new file mode 100644
index 00000000..fea8d679
--- /dev/null
+++ b/tests/build/dummy_seclabel/dummy_seclabel.c
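Review bot: In `tests/build/Dockerfile`, `FROM postgres:${PGVERSION:-latest}` can only ever resolve to `postgres:latest`, because no `ARG PGVERSION` is declared before `FROM` and the compose change to `build: build` passes no build args; the caller's PGVERSION environment variable is not visible to the build. Tests meant to run against a chosen major would then silently run against whatever `latest` points to that day, on an unpinned base image. Declare `ARG PGVERSION=latest` above `FROM postgres:${PGVERSION}` and pass the value from the first docker-compose.yml hunk with `args: {PGVERSION: "${PGVERSION:-latest}"}` under `build:` (alongside `context: build`). The `apt-get install` line would also benefit from `--no-install-recommends` and an `rm -rf /var/lib/apt/lists/*` in the same `RUN`.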
@@ -0,0 +1,60 @@
+/*
+ * dummy_seclabel.c
+ *
+ * Dummy security label provider.
+ *
+ * This module does not provide anything worthwhile from a security
+ * perspective, but allows regression testing independent of platform-specific
+ * features like SELinux.
+ *
+ * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1994, Regents of the University of California
+ */
+#include "postgres.h"
+
+#include "commands/seclabel.h"
+#include "fmgr.h"
+#include "miscadmin.h"
+#include "utils/rel.h"
+
+PG_MODULE_MAGIC;
+
+PG_FUNCTION_INFO_V1(dummy_seclabel_dummy);
+
+static void
+dummy_object_relabel(const ObjectAddress *object, const char *seclabel)
+{
+ if (seclabel == NULL ||
+ strcmp(seclabel, "unclassified") == 0 ||
+ strcmp(seclabel, "classified") == 0)
+ return;
+
+ if (strcmp(seclabel, "secret") == 0 ||
+ strcmp(seclabel, "top secret") == 0)
+ {
+ if (!superuser())
+ ereport(ERROR,
+ (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
+ errmsg("only superuser can set '%s' label", seclabel)));
+ return;
+ }
+ ereport(ERROR,
+ (errcode(ERRCODE_INVALID_NAME),
+ errmsg("'%s' is not a valid security label", seclabel)));
+}
+
+void
+_PG_init(void)
+{
+ register_label_provider("dummy", dummy_object_relabel);
+}
+
+/*
+ * This function is here just so that the extension is not completely empty
+ * and the dynamic library is loaded when CREATE EXTENSION runs.
+ */
+Datum
+dummy_seclabel_dummy(PG_FUNCTION_ARGS)
+{
+ PG_RETURN_VOID();
+}
diff --git a/tests/build/dummy_seclabel/dummy_seclabel.control b/tests/build/dummy_seclabel/dummy_seclabel.control
new file mode 100644
index 00000000..8c372728
--- /dev/null
+++ b/tests/build/dummy_seclabel/dummy_seclabel.control
@@ -0,0 +1,4 @@
+comment = 'Test code for SECURITY LABEL feature'
+default_version = '1.0'
+module_pathname = '$libdir/dummy_seclabel'
+relocatable = true
diff --git a/tests/docker-compose.yml b/tests/docker-compose.yml
index 177994bf..6c212946 100644
--- a/tests/docker-compose.yml
+++ b/tests/docker-compose.yml @@ -2,7 +2,8 @@ version: "3" services: postgres: - image: postgres:${PGVERSION:-latest} + build: build +# image: postgres:${PGVERSION:-latest} user: postgres command: - "postgres" @@ -10,6 +11,8 @@ services: - "wal_level=logical" - "-c" - "max_replication_slots=10" + - "-c" + - "shared_preload_libraries=/opt/dummy_seclabel/dummy_seclabel" environment: POSTGRES_PASSWORD: ${PGPASSWORD} ports:
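Review bot: The second hunk preloads the module by absolute path from the build tree (`shared_preload_libraries=/opt/dummy_seclabel/dummy_seclabel`), while the Dockerfile added in this commit only runs `make` and never `make install`. The control file and `dummy_seclabel--1.0.sql` added alongside are therefore not installed, so `CREATE EXTENSION dummy_seclabel` would presumably fail in this container, and the server loads code from a directory outside `$libdir`. Consider `RUN make && make install` in the Dockerfile and `- "shared_preload_libraries=dummy_seclabel"` here, plus a comment such as `# test-only "dummy" label provider; never preload outside the test stack`. The commented-out `# image:` line in the first hunk can be dropped once the build path is settled.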