Re: Adding support for SE-Linux security

From: Greg Smith <greg(at)2ndquadrant(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 01:28:57
Message-ID: 4B21A059.2000208@2ndquadrant.com
Lists: pgsql-hackers

Tom Lane wrote:
> My guess is that a credible SEPostgres offering will require a long-term
> amount of work at least equal to, and very possibly a good deal more
> than, what it took to make a native Windows port.

Wow, if I thought that was the case I'd be as negative about the whole
thing as you obviously are. In my head, I've been mentally bounding the
effort by thinking that its worst case work would be more like what it
took to add the role-based security to the system. I'd think that
adding a new feature to the existing security setup couldn't be more
painful than adding security in the first place, right? I didn't
carefully watch either play out, but I was under the impression that
the Windows port was quite a bit more work than that.

Since the current discussion keeps going around in circles, the way I
was trying to tilt the other thread I started towards was asking the
question "what would need to change in the current PostgreSQL code to
make the impact of adding the SEPostgreSQL code smaller?" I'd be
curious to hear any thoughts you had on that topic. We already sort of
refactored out "adding row-level security" as one answer to that, I feel
like there may be others in there too.

--
Greg Smith 2ndQuadrant Baltimore, MD
PostgreSQL Training, Services and Support
greg(at)2ndQuadrant(dot)com www.2ndQuadrant.com
