Skip site navigation (1) Skip section navigation (2)

Re: SEPostgres - on track for 8.4?

From: Josh Berkus <josh(at)agliodbs(dot)com>
To: Joshua Kramer <josh(at)globalherald(dot)net>
Cc: pgsql-advocacy(at)postgresql(dot)org
Subject: Re: SEPostgres - on track for 8.4?
Date: 2008-10-22 16:14:12
Message-ID: 48FF5154.4030305@agliodbs.com (view raw or flat)
Thread:
Lists: pgsql-advocacy
Joshua Kramer wrote:
> 
> Howdy Folks,
> 
> I notice that several SELinux patches have been submitted in the 
> CommitFest targeting Nov 1 for 8.4.  Is this on track for implementation 
> in Postgres core by 8.4?

Still under discussion.  The idea is to get it merged for 8.4, *but* 
there's three critical areas that need help:

1) making row-based permissions which is exposed to the SQL command line 
and works even without SELinux.

2) coming up with some acceptable algorithm in which FKs can work with 
row-based-permissions which can be improved in the future without 
breaking backwards compatibility.

3) detailed checking of the current implementation of SEPostgres against 
the Common Criteria requirements by someone who speaks "security tech".

So, anyone who wants this patch, **we need your help** in making it happen.

Also, as you can see, PostgreSQL is not about "good enough" but about 
"as good as we can reasonably do".  I think generally that since we're 
releasing once a year, every year, holding off on a patch for one 
version to make it "near perfect" is probably a good strategy ... as 
much as it pains me to wait.

Current status of SEPostgres patch: hopeful, but not assured.

--Josh Berkus

In response to

Responses

pgsql-advocacy by date

Next:From: Robert TreatDate: 2008-10-23 00:32:19
Subject: Re: SEPostgres - on track for 8.4?
Previous:From: Joshua KramerDate: 2008-10-22 13:31:42
Subject: SEPostgres - on track for 8.4?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group