Skip site navigation (1) Skip section navigation (2)

Re: [0/4] Proposal of SE-PostgreSQL patches

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: pgsql-patches(at)postgresql(dot)org, pgsql-hackers(at)postgresql(dot)org
Cc: Kohei KaiGai <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches
Date: 2008-03-17 14:04:42
Message-ID: 47DE7A7A.5080305@kaigai.gr.jp (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
I'll submit the proposal of SE-PostgreSQL patches again, because some of previous
messages are filtered due to attachment and I cannot provide whole of patches yet.
Please refer the pointed URL, as follows.

------
The series of patches are the proposal of Security-Enhanced PostgreSQL (SE-PostgreSQL)
for the upstreamed PostgreSQL 8.4 development cycle.

 [1/4] sepostgresql-pgace-8.4devel-3.patch
         provides PGACE (PostgreSQL Access Control Extension) framework
    http://sepgsql.googlecode.com/files/sepostgresql-pgace-8.4devel-3-r704.patch

 [2/4] sepostgresql-sepgsql-8.4devel-3.patch
         provides SE-PostgreSQL feature, based on PGACE framework.
    http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r704.patch

 [3/4] sepostgresql-pg_dump-8.4devel-3.patch
         enables pg_dump to dump database with security attribute.
    http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r704.patch

 [4/4] sepostgresql-policy-8.4devel-3.patch
         provides the default security policy for SE-PostgreSQL.
    http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r704.patch

We can provide a quick overview for SE-PostgreSQL at:
    http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL

ENVIRONMENT
-----------
Please confirm your environment.
The followings are requriements of SE-PostgreSQL.
 * Fedora 8 or later system
 * SELinux is enabled and working
 * kernel-2.6.24 or later
 * selinux-policy and selinux-policy-devel v3.0.8 or later
 * libselinux, policycoreutils

INSTALLATION
------------
$ tar jxvf postgresql-snapshot.tar.bz2
$ cd postgresql-snapshot
$ patch -p1 < ../sepostgresql-pgace-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-sepgsql-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-pg_dump-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-policy-8.4devel-3.patch

$ ./configure --enable-selinux
$ make
$ make -C contrib/sepgsql-policy
$ su
# make install

# /usr/sbin/semodule -i contrib/sepgsql-policy/sepostgresql.pp
  (NOTE: semodule is a utility to load/unload security policy modules.)

# /sbin/restorecon -R /usr/local/pgsql
  (NOTE: restorecon is a utilicy to initialize security context of files.)

SETUP
-----
# mkdir -p /opt/sepgsql
# chown foo_user:var_group /opt/sepgsql
# chcon -t postgresql_db_t /opt/sepgsql
  (NOTE: chcon is a utility to set up security context of files.)
# exit

$ /usr/sbin/run_init /usr/local/pgsql/bin/initdb -D /opt/sepgsql
  (NOTE: run_init is a utility to start a program, as if it is branched from init script.)
$ /usr/local/pgsql/bin/pg_ctl -D /opt/sepgsql start


SUMMARYS FOR EVERY PATCHES
--------------------------
[1/4] - sepostgresql-pgace-8.4devel-3.patch

This patch provides PGACE (PostgreSQL Access Control Extension) framework.

It has a similar idea of LSM (Linu Security Module).
It can provide a guest module several hooks at strategic points.
The guest module can make its decision whether required actions should be
allowed, or not.
In addition, PGACE also provides falicilites to manage security attribute
of database objects. Any tuple can have a its security attribute, and the
guest module can refer it to control accesses.

  A more conprehensive memo at:
    http://code.google.com/p/sepgsql/wiki/WhatIsPGACE

[2/4] - sepostgresql-sepgsql-8.4devel-3.patch

This patch provides SE-PostgreSQL facilities based on PGACE.

Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension
built in PostgreSQL, to provide system-wide consistency in access
controls. It enables to apply a single unigied security policy of
SELinux for both operating system and database management system.
In addition, it also provides fine-grained mandatory access which
includes column-/row- level non-bypassable access control even if
privileged database users.

  Quick overview at:
    http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL

[3/4] - sepostgresql-pg_dump-8.4devel-3.patch

This patch gives us a feature to dump database with security attribute.
It is turned on with '--enable-selinux' option at pg_dump/pg_dumpall,
when the server works as SE- version.
No need to say, users need to have enough capabilities to dump whole of
database. It it same when they tries to restore the database.

[4/4] - sepostgresql-policy-8.4devel-3.patch

This patch gives us the default security policy for SE-PostgreSQL.
You can build it as a security policy module. It can be linked with
the existing distributor's policy, and reloaded.

-- 
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2008-03-17 14:11:39
Subject: Re: Rewriting Free Space Map
Previous:From: KaiGai KoheiDate: 2008-03-17 13:56:09
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches

pgsql-patches by date

Next:From: Alvaro HerreraDate: 2008-03-17 14:21:21
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches
Previous:From: KaiGai KoheiDate: 2008-03-17 13:56:09
Subject: Re: [0/4] Proposal of SE-PostgreSQL patches

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group