Re: [0/4] Proposal of SE-PostgreSQL patches

I'll submit the proposal of SE-PostgreSQL patches again, because some of previous
messages are filtered due to attachment and I cannot provide whole of patches yet.
Please refer the pointed URL, as follows.

------
The series of patches are the proposal of Security-Enhanced PostgreSQL (SE-PostgreSQL)
for the upstreamed PostgreSQL 8.4 development cycle.

[1/4] sepostgresql-pgace-8.4devel-3.patch
provides PGACE (PostgreSQL Access Control Extension) framework
http://sepgsql.googlecode.com/files/sepostgresql-pgace-8.4devel-3-r704.patch

[2/4] sepostgresql-sepgsql-8.4devel-3.patch
provides SE-PostgreSQL feature, based on PGACE framework.
http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r704.patch

[3/4] sepostgresql-pg_dump-8.4devel-3.patch
enables pg_dump to dump database with security attribute.
http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r704.patch

[4/4] sepostgresql-policy-8.4devel-3.patch
provides the default security policy for SE-PostgreSQL.
http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r704.patch

We can provide a quick overview for SE-PostgreSQL at:
http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL

ENVIRONMENT
-----------
Please confirm your environment.
The followings are requriements of SE-PostgreSQL.
* Fedora 8 or later system
* SELinux is enabled and working
* kernel-2.6.24 or later
* selinux-policy and selinux-policy-devel v3.0.8 or later
* libselinux, policycoreutils

INSTALLATION
------------
$ tar jxvf postgresql-snapshot.tar.bz2
$ cd postgresql-snapshot
$ patch -p1 < ../sepostgresql-pgace-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-sepgsql-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-pg_dump-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-policy-8.4devel-3.patch

$ ./configure --enable-selinux
$ make
$ make -C contrib/sepgsql-policy
$ su
# make install

# /usr/sbin/semodule -i contrib/sepgsql-policy/sepostgresql.pp
(NOTE: semodule is a utility to load/unload security policy modules.)

# /sbin/restorecon -R /usr/local/pgsql
(NOTE: restorecon is a utilicy to initialize security context of files.)

SETUP
-----
# mkdir -p /opt/sepgsql
# chown foo_user:var_group /opt/sepgsql
# chcon -t postgresql_db_t /opt/sepgsql
(NOTE: chcon is a utility to set up security context of files.)
# exit

$ /usr/sbin/run_init /usr/local/pgsql/bin/initdb -D /opt/sepgsql
(NOTE: run_init is a utility to start a program, as if it is branched from init script.)
$ /usr/local/pgsql/bin/pg_ctl -D /opt/sepgsql start

SUMMARYS FOR EVERY PATCHES
--------------------------
[1/4] - sepostgresql-pgace-8.4devel-3.patch

This patch provides PGACE (PostgreSQL Access Control Extension) framework.

It has a similar idea of LSM (Linu Security Module).
It can provide a guest module several hooks at strategic points.
The guest module can make its decision whether required actions should be
allowed, or not.
In addition, PGACE also provides falicilites to manage security attribute
of database objects. Any tuple can have a its security attribute, and the
guest module can refer it to control accesses.

A more conprehensive memo at:
http://code.google.com/p/sepgsql/wiki/WhatIsPGACE

[2/4] - sepostgresql-sepgsql-8.4devel-3.patch

This patch provides SE-PostgreSQL facilities based on PGACE.

Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension
built in PostgreSQL, to provide system-wide consistency in access
controls. It enables to apply a single unigied security policy of
SELinux for both operating system and database management system.
In addition, it also provides fine-grained mandatory access which
includes column-/row- level non-bypassable access control even if
privileged database users.

Quick overview at:
http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL

[3/4] - sepostgresql-pg_dump-8.4devel-3.patch

This patch gives us a feature to dump database with security attribute.
It is turned on with '--enable-selinux' option at pg_dump/pg_dumpall,
when the server works as SE- version.
No need to say, users need to have enough capabilities to dump whole of
database. It it same when they tries to restore the database.

[4/4] - sepostgresql-policy-8.4devel-3.patch

This patch gives us the default security policy for SE-PostgreSQL.
You can build it as a security policy module. It can be linked with
the existing distributor's policy, and reloaded.

--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>