| From: | Greg Williamson <gwilliamson39(at)yahoo(dot)com> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd(at)commandprompt(dot)com |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, David Fetter <david(at)fetter(dot)org>, Bruce Momjian <bruce(at)momjian(dot)us>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SE-PgSQL patch review |
| Date: | 2009-12-02 02:46:23 |
| Message-ID: | 421652.24912.qm@web46110.mail.sp1.yahoo.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
KaiGai Kohei wrote:
===
Joshua D. Drake wrote:
> On Tue, 2009-12-01 at 14:46 -0500, Tom Lane wrote:
>> "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
>>> On Mon, 2009-11-30 at 20:28 -0800, David Fetter wrote:
>>>> This is totally separate from the really important question of whether
>>>> SE-Linux has a future, and another about whether, if SE-Linux has a
>>>> future, PostgreSQL needs to go there.
>>> Why would we think that it doesn't?
>> Have you noticed anyone except Red Hat taking it seriously?
>
> I just did a little research and it appears the other two big names in
> this world (Novel and Ubuntu) are using something called App Armor.
As far as I can see, SUSE, Ubuntu and Debian provide SELinux option.
But they are more conservative than RedHat/Fedora, because it is not
enabled in the default installation.
I don't think it is unpreferable decision. Users can choose the option
by themself according to requirements in the system.
===
How much of the work currently at hand might be applicable to other security models ? Would this be useful groundwork for anyone who wanted to implement other frameworks in terms of hooks, cleanup of existing code, etc. ?
Greg W.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2009-12-02 03:15:55 | Re: SE-PgSQL patch review |
| Previous Message | Caleb Welton | 2009-12-02 02:36:05 | [PATCH] bugfix for int2vectorin |