Re: Spoofing as the postmaster

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Greg Smith <gsmith(at)gregsmith(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2008-01-07 09:03:11
Message-ID: 4781EACF.6080406@ak.jp.nec.com
Lists: pgsql-hackers
Greg Smith wrote:
> On Sat, 29 Dec 2007, Joshua D. Drake wrote:
> 
>> http://code.google.com/p/sepgsql/
>> ???
> 
> Getting that to work required some obtrusive changes to the source code, 
> which they've only done to 8.2.4.  Even that doesn't seem to be 
> production-quality and it's not clear how that will make its way into 
> newer versions yet.

Sorry for my late response.

I don't argue with your opinion about its quality issues.
We do indeed need more feedback and improvements from a wide range of viewpoints.

The current status of SE-PostgreSQL is a bit incorrect.
The latest one is sepostgresql-8.2.5-1.66.fc9, based on 8.2.5.
See http://download.fedora.redhat.com/pub/fedora/linux/development/

Currently, we are making efforts to port SE-PostgreSQL features
to 8.3.x-based PostgreSQL.
(To be precise, it is based on 8.3beta PostgreSQL.)

> The job here is to work on the SELinux policies for PostgreSQL.  You 
> can't just re-use whatever work has gone into the SE-PostgreSQL ones, 
> because those presume you're using their modified server instead of the 
> regular one.

Yes, SE-PostgreSQL requires the regular one to be stopped while it is running.
We cannot use both of them at the same time.

However, the default security policy is designed so that it works
like the regular one without any special SELinux configuration.
If you find any bug or unclear behavior, I would like you to report it.

> I started collecting notes and writing a PostgreSQL/SELinux how-to aimed 
> at RHEL 5.0+ but I'm not doing work in that area anymore.

I'm interested in this effort.
Could you tell me the URL?

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
