Re: Adding support for SE-Linux security

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 15:24:52
Message-ID: 20091211152452.GS17756@tamriel.snowman.net
Lists: pgsql-hackers

Magnus,

* Magnus Hagander (magnus(at)hagander(dot)net) wrote:
> On Fri, Dec 11, 2009 at 05:45, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> > It's been perfectly clear since day one, and was reiterated as recently
> > as today
> > http://archives.postgresql.org/message-id/4B21757E.7090806@2ndquadrant.com
> > that what the security community wants is row-level security.  The
>
> If that is true, then shouldn't we have an implementation of row level
> security *first*, and then an implementation of selinux hooks that
> work with this row level security feature? Rather than first doing
> selinux hooks, then row level security, which will likely need new
> and/or changed hooks...

The proposal we're currently grappling with is to pull all the various
checks which are sprinkled through our code into a single area.
Clearly, if that work is done before we implement row-level security,
then the patch for row-level security will just add its checks in the
security/ area and it'd be then easily picked up by SELinux, etc.

> I'm not convinced that row level security is actually that necessary
> (though it's a nice feature, with or without selinux), but if it is,
> it seems we are approaching the problem from the wrong direction.

It has to be implemented independent of the security/SELinux/etc changes
in any case, based on what was said previously. So I don't
particularly understand why it matters a great deal which one happens
first. They're independently useful features, though both are not
nearly as good on their own as when they are combined. Sorry, I just
don't see this as a "cart-before-the-horse" case.

Thanks,

Stephen
