| From: | Kohei KaiGai <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | pgsql-patches(at)postgresql(dot)org |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | [0/4] Proposal of SE-PostgreSQL patches |
| Date: | 2008-03-17 04:25:40 |
| Message-ID: | 47DDF2C4.6010404@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
The series of patches are the proposal of Security-Enhanced PostgreSQL
(SE-PostgreSQL) for the upstreamed PostgreSQL 8.4 development cycle.
[1/4] sepostgresql-pgace-8.4devel-3.patch
provides PGACE (PostgreSQL Access Control Extension) framework
[2/4] sepostgresql-sepgsql-8.4devel-3.patch
provides SE-PostgreSQL feature, based on PGACE framework.
[3/4] sepostgresql-pg_dump-8.4devel-3.patch
enables pg_dump to dump database with security attribute.
[4/4] sepostgresql-policy-8.4devel-3.patch
provides the default security policy for SE-PostgreSQL.
We can provide a quick overview of SE-PostgreSQL at:
http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL
Any comment and suggestion are welcome.
Thanks,
ENVIRONMENT
-----------
Please confirm your environment.
The followings are requriements of SE-PostgreSQL.
* Fedora 8 or later system
* SELinux is enabled and working
* kernel-2.6.24 or later
* selinux-policy and selinux-policy-devel v3.0.8 or later
* libselinux, policycoreutils
INSTALLATION
------------
$ tar jxvf postgresql-snapshot.tar.bz2
$ cd postgresql-snapshot
$ patch -p1 < ../sepostgresql-pgace-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-sepgsql-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-pg_dump-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-policy-8.4devel-3.patch
$ ./configure --enable-selinux
$ make
$ make -C contrib/sepgsql-policy
$ su
# make install
# /usr/sbin/semodule -i contrib/sepgsql-policy/sepostgresql.pp
(NOTE: semodule is a utility to load/unload security policy modules.)
# /sbin/restorecon -R /usr/local/pgsql
(NOTE: restorecon is a utilicy to initialize security context of files.)
SETUP
-----
# mkdir -p /opt/sepgsql
# chown foo_user:var_group /opt/sepgsql
# chcon -t postgresql_db_t /opt/sepgsql
(NOTE: chcon is a utility to set up security context of files.)
# exit
$ /usr/sbin/run_init /usr/local/pgsql/bin/initdb -D /opt/sepgsql
(NOTE: run_init is a utility to start a program, as if it is branched from init script.)
$ /usr/local/pgsql/bin/pg_ctl -D /opt/sepgsql start
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kohei KaiGai | 2008-03-17 04:30:50 | [3/4] Proposal of SE-PostgreSQL patches |
| Previous Message | Tom Lane | 2008-03-17 03:59:41 | Remove hacks for old bad qsort() implementations? |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kohei KaiGai | 2008-03-17 04:30:50 | [3/4] Proposal of SE-PostgreSQL patches |
| Previous Message | ITAGAKI Takahiro | 2008-03-17 03:04:08 | Re: Suppress compiler warnings on mingw |