Skip site navigation (1) Skip section navigation (2)

Status Report on SE-PostgreSQL

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Status Report on SE-PostgreSQL
Date: 2009-01-17 04:21:46
Message-ID: 49715CDA.5090506@kaigai.gr.jp (view raw or flat)
Thread:
Lists: pgsql-hackers
I also think it is a good idea to summarize current status of
SE-PostgreSQL, as Simon Riggs doing on his works.

The current revision of SE-PostgreSQL is 1425, available here:

 [1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1425.patch
 [2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1425.patch
 [3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1425.patch
 [4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1425.patch
 [5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1425.patch

We had various kind of comments, feature requests and discussions during
previous/current commit fest, then whole of them are already included.

Currently, we have no open issues here.

As I summarized as follows, we had many discussions about its design
issues mainly, so my patch set has been updated to support them.
I believe we should move to detailed-reviews to merge the feature any
time now, since we should aware of v8.4 schedule.

I really would like folks to help/volunteer reviewing the patches, please!

* CommitFest:Nov
 - Simon Riggs requires a new GUC option to turn on/off row-level security
   labeling to reduce storage comsumption, then updated as follows:
     http://archives.postgresql.org/message-id/492691A8.8030103@ak.jp.nec.com
 - Bruce Momjian suggested Row-level database ACLs to be compiled in default.
 - Discussions for default compile options: PostgreSQL doesn't prefer compile
   time option to turn on/off features, except for platform specific one.
   SE-PostgreSQL is indeed platform specific feature. But, it makes other
   issue that need mutually-exclusive enhanced security feature.
   We concluded it as follows:
   - All configurable features should be compiled within a single binary.
   - Both of DAC and MAC should be available simultaneously in row-level also.
   - DAC is hardwired, and we allow users to choose an enhanced security feature.
 - I updated the patch set to support both of Row-level database ACLs and
   an enhanced security feature (SELinux) simultaneously. ('08/12/17)
     http://archives.postgresql.org/message-id/4948B6BD.1050402@ak.jp.nec.com
 - Robert Haas concerned about Stephen Frost's column-level privileges has
   a trouble, so it's unclear whether it can get merged into v8.4.
   - I also worked for his patch, then it got being ready for commit:
       http://archives.postgresql.org/message-id/20090116045825.GY4656@tamriel.snowman.net
 - Alvaro Herrera suggested "static inline" is not preferable.

* CommitFest:Sep
 - Peter Eisentraut commented about its design specifications:
     http://archives.postgresql.org/message-id/48D03953.6000308@gmx.net
 - The hot issues were lack of fine-grained access controls in SQL-level,
   and covert channels with row-level controls.
 - We finally made agreement to provide platform independent row-level controls,
   and explicit documentation about covert channels in PK/FK constraints.
   No one didn't want to apply polyinstantiation idea.
 - Simon Riggs requires wiki article to introduce SE-PostgreSQL.
     http://wiki.postgresql.org/wiki/SEPostgreSQL
 - Patch set was updated to support Row-level database ACLs
   http://archives.postgresql.org/message-id/48F46606.4080207@ak.jp.nec.com

* CommitFest:Jul
 - The patch set got documentation/testcases.
 - Peter Eisentraut commented about some of items:
     http://archives.postgresql.org/message-id/200807071739.58428.peter_e@gmx.net
 - Then, these items are updated:
     http://archives.postgresql.org/message-id/48773188.6000809@ak.jp.nec.com

* CommitFest:May
 - First patch set for v8.4 were proposed.
 - Tom Lane gave us various items to be improved.
     http://archives.postgresql.org/message-id/3275.1210019965@sss.pgh.pa.us
 - I had a presentation at PGcon2008 ottawa.
     http://sepgsql.googlecode.com/files/PGCON20080523.pdf

* Prior phase
 - First proposal of PGACE security framework, but I didn't know it was
   just after the date of feature freeze in v8.3. So, it was suggested
   to wait for v8.4 development cycle. ('07/04/17)
 - 8.2.x based SE-PostgreSQL announced. ('07/09/04)
 - SE-PostgreSQL package got merged into Fedora Project. ('07/11/08)
 - 8.3.x based SE-PostgreSQL announced. ('08/03/08)

Thanks,
-- 
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

Responses

pgsql-hackers by date

Next:From: Simon RiggsDate: 2009-01-17 08:54:38
Subject: MemoryContextSwitchTo (Re: [GENERAL] Autovacuum daemon terminatedby signal 11)
Previous:From: Alvaro HerreraDate: 2009-01-17 04:14:33
Subject: Re: Autovacuum daemon terminated by signal 11

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group