From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Cc: | Bruce Momjian <bruce(at)momjian(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com> |
Subject: | Updates of SE-PostgreSQL 8.4devel patches (r1076) |
Date: | 2008-10-01 06:48:24 |
Message-ID: | 48E31D38.5060000@ak.jp.nec.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
I updated the following SE-PostgreSQL patches:
[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1076.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1076.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1076.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1076.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1076.patch
- Patches are rebased to the latest CVS HEAD.
- Improvement of performance penalty for access checks.
Reworks in access vector chache enables to reduce performance loss, as follows:
http://kaigai.sakura.ne.jp/sblo_files/kaigai/image/080930_sepgsql_performance.png
It shows about 8% loss in maximum, and larger scale database give us
smaller losses in trend.
- Add a hook to check permission on "COPY TO/FROM <file>".
In the previous version, SE-PostgreSQL does not check permissions
to the file used in COPY statement. It is fixed.
- Documentation updates
- Descriptions for build & install are reworked, because most of
security policy for SE-PostgreSQL now got merged into the upstream
selinux-policy package.
- Add a "Limitation" section to describe about covert channel and
reference integrity.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
From | Date | Subject | |
---|---|---|---|
Next Message | Paul Schlie | 2008-10-01 06:57:47 | Re: Block-level CRC checks |
Previous Message | Gurjeet Singh | 2008-10-01 05:12:28 | Re: Bad error message |