| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Adding support for SE-Linux security |
| Date: | 2009-12-07 14:48:59 |
| Message-ID: | 200912071448.nB7Emxm20794@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas wrote:
> > This is no harder than many of the other seemingly crazy things I have
> > done, e.g. Win32 port, client library threading. ?If this is a feature
> > we should have, I will get it done or get others to help me complete the
> > task.
>
> Well, I have always thought that it would be sort of a feather in our
> cap to support this, which is why I've done a couple of reviews of it
> in the past. I tend to agree with Tom that only a small fraction of
> our users will probably want it, but then again someone's been paying
> KaiGai to put a pretty hefty amount of work into this over the last
> year-plus, so obviously someone not only wants the feature but wants
> it merged. Within our community, I think that there have been a lot
> of people who have liked the concept of this feature but very few who
> have liked the patch, so there's somewhat of a disconnect between our
> aspirations and our better technical judgment. Tom is a notable
> exception who I believe likes neither the concept nor the patch, which
> is something we may need to resolve before getting too serious about
> this.
Agreed. SE-Linux support might expand our user base and give us
additional credibility, or it might be a feature that few people use ---
and I don't think anyone knows the outcome.
I wonder if we should rephrase this as, "How hard will this feature be
to add, and how hard will it be to remove in a few years if we decide we
don't want it?" SE-Linux support would certainly put Postgres in a
unique security category, and it builds on our existing good security
reputation.
Personally, I think AppArmor is a saner security system:
http://www.novell.com/linux/security/apparmor/selinux_comparison.html
(Novell-hosted URL)
but I am not advocating AppArmor support. I think the whole issue is
whether support for external integrated security systems is appropriate
for Postgres.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2009-12-07 14:50:43 | Re: Reading recovery.conf earlier |
| Previous Message | Marko Tiikkaja | 2009-12-07 14:46:11 | Re: Writeable CTE patch |