Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)

Simon Riggs wrote:
> On Mon, 2008-11-24 at 22:09 +0900, KaiGai Kohei wrote:
>
>> I removed the two hooks at the r1244 patch set.
>> As you said, it is fundamentally danger to load uncertain binary modules.
>> Thus, what we should do is checks on module loading.
>>
>> The default security policy requires loadable modules to be labeled as
>> 'lib_t' type which means shared library files installed correctly.
>
> We definitely want to include add-in modules with high security systems,
> e.g. GIS and oracle compatibility functions.

Yes, it is possible.
SELinux assigns 'lib_t' type for modules stored in '/usr/lib/pgsql/' in default.

like:
[kaigai(at)saba ~]$ ls -Z /usr/lib/pgsql
-rwxr-xr-x root root system_u:object_r:lib_t ascii_and_mic.so
-rwxr-xr-x root root system_u:object_r:lib_t cyrillic_and_mic.so
-rwxr-xr-x root root system_u:object_r:lib_t dict_snowball.so
-rwxr-xr-x root root system_u:object_r:lib_t euc_cn_and_mic.so
-rwxr-xr-x root root system_u:object_r:lib_t euc_jis_2004_and_shift_jis_2004.so
-rwxr-xr-x root root system_u:object_r:lib_t euc_jp_and_sjis.so
-rwxr-xr-x root root system_u:object_r:lib_t euc_kr_and_mic.so
- snip -
(*) "-Z" option enables to show the security context of files.

SE-PostgreSQL does not prevent to load them. It means we want to allow to load library
files stored by database administrators properly, not a uncertain files.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>