Re: Updates of SE-PostgreSQL 8.4devel patches (r1076)

Now we have just a month due to the final deadline.

I think we could sort out and make clear its conceptual issues
during CommitFest:Sep. So, I think it is good time that we can
move to the disucussion about its implementation.

Anyway, I want any suggestions what should I pay my efforts to
during the remaining month.

Thanks,

KaiGai Kohei wrote:
> I updated the following SE-PostgreSQL patches:
>
> [1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1076.patch
> [2/5] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1076.patch
> [3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1076.patch
> [4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1076.patch
> [5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1076.patch
>
> - Patches are rebased to the latest CVS HEAD.
> - Improvement of performance penalty for access checks.
> Reworks in access vector chache enables to reduce performance loss, as
> follows:
>
> http://kaigai.sakura.ne.jp/sblo_files/kaigai/image/080930_sepgsql_performance.png
>
> It shows about 8% loss in maximum, and larger scale database give us
> smaller losses in trend.
> - Add a hook to check permission on "COPY TO/FROM <file>".
> In the previous version, SE-PostgreSQL does not check permissions
> to the file used in COPY statement. It is fixed.
> - Documentation updates
> - Descriptions for build & install are reworked, because most of
> security policy for SE-PostgreSQL now got merged into the upstream
> selinux-policy package.
> - Add a "Limitation" section to describe about covert channel and
> reference integrity.
>
> Thanks,

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>