| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Subject: | Re: [PATCH] SE-PgSQL/tiny rev.2193 |
| Date: | 2009-07-17 12:59:29 |
| Message-ID: | 200907171559.29499.peter_e@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Friday 17 July 2009 06:10:12 Robert Haas wrote:
> 2009/7/16 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
> > Yes, the tiny version will not give any advantages in security without
> > future enhancements.
> > It is not difficult to add object classes and permissions.
> > If necessary, I'll add checks them with corresponding permissions.
> >
> > One anxiety is PostgreSQL specific object class, such as LANGUAGE.
> > It's not clear for me whether the maintainer of the SELinux security
> > policy accept these kind of object classes, or not.
> > I would like to implement them except for PostgreSQL specific object
> > class in this phase.
>
> I'm starting to think that there's just no hope of this matching up
> well enough with the way PostgreSQL already works to have a chance of
> being accepted.
What I'm understanding here is the apparent requirement that the SEPostgreSQL
implementation be done in a way that a generic SELinux policy that has been
written for an operating system and file system can be applied to PostgreSQL
without change and do something useful. I can see merits for or against that.
But in any case, this needs to be clarified, if I understand this requirement
correctly anyway.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Nikhil Sontakke | 2009-07-17 13:00:13 | Re: [PATCH] DefaultACLs |
| Previous Message | Richard Huxton | 2009-07-17 12:58:27 | Re: navigation menu for documents |