Dear all,

For what it's worth, here a report on building MonetDB from source on a Linux FC30 system with SELinux enabled.

Thanks to Sjoerd for some crucial hints in getting it to work, and Roberto for the encouragement to not give up :-)

First, build as usual:

    ./bootstrap

    ./configure  --disable-debug --disable-developer --disable-assert --enable-optimize
    make -j

Now, skip the usual `make install` and build rpm packages instead - this includes a single rpm that applies (almost) all the SELinux policies MonetDB needs.

(Missing ones should be reported as bugs.)

    make rpm

Install the created rpm packages in two steps, such that all directories that need policies have indeed been created (the SELinux rpm is under the noarch tree):

    find rpmbuild/RPMS/`uname -m` -name \*.rpm | xargs sudo dnf --disablerepo="*" install --skip-broken -y

Start the server:

    sudo systemctl status monetdbd

You can always uninstall the rpm packages with some more shell magic (replace x86_64 by `uname -m`):

    find rpmbuild/RPMS -name \*.rpm | sed -e 's/.*\/\(MonetDB.\+fedora30\)\(\.x86.64\|\.noarch\)\?\.rpm/\1/g' | xargs sudo dnf --disablerepo="*" -y rm

This was sufficient for my, but if you are struggling with SELinux warnings/errors, it may be useful to know the following basics:

You can check assigned filecontexts using

    ls -alRZ /var/monetdb5

These should align with the file contexts specified in monetdb.fc:

    grep monetdb5 /usr/share/doc/MonetDB-selinux/monetdb.fc

    sudo semanage fcontext -a -t monetdbd_etc_t /var/monetdb5/.merovingian_properties

    sudo restorecon -v /var/monetdb5/.merovingian_properties

Remaining issues are the following:

+ `make -j rpm` does not seem to work correctly.

+ `MonetDB-client-test` package does not want to install with the above command due to the --disablerepo flag.

+ SELinux complained about access to resource `cpu` - fixed by using the suggested `audit` in the error message.

Good luck, hope it saves some people time!

Arjen