Skip site navigation (1) Skip section navigation (2)

[0/4] Proposal of SE-PostgreSQL patches

From: Kohei KaiGai <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: pgsql-patches(at)postgresql(dot)org
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: [0/4] Proposal of SE-PostgreSQL patches
Date: 2008-03-17 04:25:40
Message-ID: 47DDF2C4.6010404@ak.jp.nec.com (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
The series of patches are the proposal of Security-Enhanced PostgreSQL
(SE-PostgreSQL) for the upstreamed PostgreSQL 8.4 development cycle.

 [1/4] sepostgresql-pgace-8.4devel-3.patch
         provides PGACE (PostgreSQL Access Control Extension) framework
 [2/4] sepostgresql-sepgsql-8.4devel-3.patch
         provides SE-PostgreSQL feature, based on PGACE framework.
 [3/4] sepostgresql-pg_dump-8.4devel-3.patch
         enables pg_dump to dump database with security attribute.
 [4/4] sepostgresql-policy-8.4devel-3.patch
         provides the default security policy for SE-PostgreSQL.

We can provide a quick overview of SE-PostgreSQL at:
    http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL

Any comment and suggestion are welcome.
Thanks,


ENVIRONMENT
-----------
Please confirm your environment.
The followings are requriements of SE-PostgreSQL.
 * Fedora 8 or later system
 * SELinux is enabled and working
 * kernel-2.6.24 or later
 * selinux-policy and selinux-policy-devel v3.0.8 or later
 * libselinux, policycoreutils

INSTALLATION
------------
$ tar jxvf postgresql-snapshot.tar.bz2
$ cd postgresql-snapshot
$ patch -p1 < ../sepostgresql-pgace-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-sepgsql-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-pg_dump-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-policy-8.4devel-3.patch

$ ./configure --enable-selinux
$ make
$ make -C contrib/sepgsql-policy
$ su
# make install

# /usr/sbin/semodule -i contrib/sepgsql-policy/sepostgresql.pp
  (NOTE: semodule is a utility to load/unload security policy modules.)

# /sbin/restorecon -R /usr/local/pgsql
  (NOTE: restorecon is a utilicy to initialize security context of files.)

SETUP
-----
# mkdir -p /opt/sepgsql
# chown foo_user:var_group /opt/sepgsql
# chcon -t postgresql_db_t /opt/sepgsql
  (NOTE: chcon is a utility to set up security context of files.)
# exit

$ /usr/sbin/run_init /usr/local/pgsql/bin/initdb -D /opt/sepgsql
  (NOTE: run_init is a utility to start a program, as if it is branched from init script.)
$ /usr/local/pgsql/bin/pg_ctl -D /opt/sepgsql start

-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>

Responses

pgsql-hackers by date

Next:From: Kohei KaiGaiDate: 2008-03-17 04:30:50
Subject: [3/4] Proposal of SE-PostgreSQL patches
Previous:From: Tom LaneDate: 2008-03-17 03:59:41
Subject: Remove hacks for old bad qsort() implementations?

pgsql-patches by date

Next:From: Kohei KaiGaiDate: 2008-03-17 04:30:50
Subject: [3/4] Proposal of SE-PostgreSQL patches
Previous:From: ITAGAKI TakahiroDate: 2008-03-17 03:04:08
Subject: Re: Suppress compiler warnings on mingw

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group