Re: Adding support for SE-Linux security

On Thu, 2009-12-10 at 17:08 -0500, Tom Lane wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
> > Unlike Tom (I think), I do believe that there is demand (possibly only
> > from a limited number of people, but demand all the same) for this
> > feature.
>
> Please note that I do not think there is *zero* demand for the feature.
> There is obviously some. What I find highly dubious is whether there is
> enough demand to justify the amount of effort, both short- and long-term,
> that the community would have to put into it.
>
> > And I also believe that most people in our community are
> > generally supportive of the idea, but only a minority are willing to
> > put in time to make it happen. So I have no problem saying to the
> > people who want the feature - none of our committers feel like working
> > on this. Sorry. On the other hand, I also have no problem telling
> > them - good news, Bruce Momjian thinks this is a great feature and
> > wants to help you get it done. I *do* have a problem with saying - we
> > don't really know whether anyone will ever want to work on this with
> > you or not.
>
> If I thought that Bruce could go off in a corner and make this happen
> and it would create no demands on anybody but him and KaiGai-san, I
> would say "fine, if that's where you want to spend your time, go for
> it". But even to state that implied claim is to see how false it is.
> Bruce is pointing to the Windows port, but he didn't make it happen
> by himself, or any close approximation of that. Everybody who works
> on this project has been affected by that, and we're *still* putting
> significant amounts of time into Windows compatibility, over five years
> later.
>
> My guess is that a credible SEPostgres offering will require a long-term
> amount of work at least equal to, and very possibly a good deal more
> than, what it took to make a native Windows port. If SEPostgres could
> bring us even 10% as many new users as the Windows port did, it'd
> probably be a worthwhile use of our resources. But again, that's an
> assumption that's difficult to type without bursting into laughter.
>
> regards, tom lane

So a couple of us in the Maryland/DC area went to the BWPUG meeting last
night and we sat down for two hours and answered a bunch of questions
from Greg Smith, Steve Frost, and a few others. Greg was taking notes
during the entire meeting and I believe he will be starting a thread
with the minutes from the meeting. Greg brought up 5 or 6 concerns that
he has observed in the community about the work including the issue of
who is going to use this. The minutes will give a much better account of
the conversation but Josh Brindle and I have gave examples outside of
DoD where the MAC framework without row based access controls can be
useful. For our purposes in DoD we need the MAC Framework and the row
based access controls but if a good starting point is to just do the
access control over the database objects then it will be useful for some
commercial cases and some limited military cases.

Dave