Skip site navigation (1) Skip section navigation (2)

Re: Spoofing as the postmaster

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Greg Smith <gsmith(at)gregsmith(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2008-01-07 09:36:42
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Greg Smith wrote:
> On Sat, 29 Dec 2007, Joshua D. Drake wrote:
>> "they've" has the potential to be "we"... As I recall the individual
>> made a reasonable effort to introduce the work that he was doing to the
>> community.
> After a bit of hindsight research, I think SE-PostgreSQL suffered from 
> two timing problems combined with a cultural misperception.  The first 
> timing issue was that those messages went out just as the 8.3 feature 
> freeze was going on.  I know I looked at their stuff for a bit at that 
> point, remembered I had patches to work on, and that was it at that 
> point.

Yes, it was lack of my understanding of PostgreSQL development process.

> The second problem is that just after the first message to the 
> list came out, RedHat released RHEL 5.0, which did a major reworking of 
> SELinux that everyone could for production systems immediately.  I know 
> all my SELinux time at that point immediately switched to working 
> through the major improvements RHEL5 made rather than thinking about 
> their project.

The most of SELinux features on RHEL5.0 are based on Fedora core 6.
It does not contain any SE-PostgreSQL support.

We have to wait for next major release of RHEL to apply SE-PostgreSQL
features on production system. If you can try out it on non-production
system, Fedora 8 is the most recommendable environment.

> The cultural problem is that their deliverable was a series of RPM 
> packages (for Fedora 7, ack).  They also have a nice set of user 
> documentation.  But you can't send a message to this hackers list asking 
> for feedback and hand that over as your reference.  People here want 
> code. When I wander through the threads that died, I think this message 
> shows the mismatch best: 

I'll send it as a patch to discuss this feature.
Please wait for we can port it into the latest postgresql tree.
(Maybe, it is nonsense to discuss 8.2.x based patches.)

> When Tom throws out an objection that a part of the design looks 
> sketchy, the only good way to respond is to throw the code out and let 
> him take a look.  I never saw the SE-PostgreSQL group even showing diffs 
> of what they did; making it easy to get a fat context diff (with a bit 
> more context than usual) would have done wonders for their project.  
> You're not going to get help from this community if people have to 
> install a source RPM and do their own diff just to figure out what was 
> changed from the base.

Thanks for your indications.
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>

In response to

pgsql-hackers by date

Next:From: Michael AkindeDate: 2008-01-07 09:40:23
Subject: Re: VACUUM FULL out of memory
Previous:From: KaiGai KoheiDate: 2008-01-07 09:10:34
Subject: Re: Spoofing as the postmaster

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group