I also think it is a good idea to summarize the current status of
SE-PostgreSQL, as Simon Riggs is doing for his work.
The current revision of SE-PostgreSQL is 1425, available here:
We had various kinds of comments, feature requests and discussions during
the previous/current commit fest, and all of them are already included.
Currently, we have no open issues here.
As summarized below, we had many discussions, mainly about its design
issues, so my patch set has been updated to support them.
I believe we should move to detailed reviews to merge the feature any
time now, since we should be aware of the v8.4 schedule.
I really would like folks to help/volunteer reviewing the patches, please!
- Simon Riggs requires a new GUC option to turn on/off row-level security
labeling to reduce storage consumption, then updated as follows:
- Bruce Momjian suggested Row-level database ACLs to be compiled in default.
- Discussions for default compile options: PostgreSQL doesn't prefer compile-time
options to turn features on/off, except for platform-specific ones.
SE-PostgreSQL is indeed a platform-specific feature. But it creates another
issue that needs mutually-exclusive enhanced security features.
We concluded it as follows:
- All configurable features should be compiled within a single binary.
- Both of DAC and MAC should be available simultaneously in row-level also.
- DAC is hardwired, and we allow users to choose an enhanced security feature.
- I updated the patch set to support both of Row-level database ACLs and
an enhanced security feature (SELinux) simultaneously. ('08/12/17)
- Robert Haas was concerned that Stephen Frost's column-level privileges has
trouble, so it's unclear whether it can get merged into v8.4.
- I also worked on his patch, and it became ready for commit:
- Alvaro Herrera suggested "static inline" is not preferable.
- Peter Eisentraut commented about its design specifications:
- The hot issues were lack of fine-grained access controls in SQL-level,
and covert channels with row-level controls.
- We finally made agreement to provide platform independent row-level controls,
and explicit documentation about covert channels in PK/FK constraints.
No one didn't want to apply polyinstantiation idea.
- Simon Riggs requires wiki article to introduce SE-PostgreSQL.
- Patch set was updated to support Row-level database ACLs
- The patch set got documentation/testcases.
- Peter Eisentraut commented about some of items:
- Then, these items are updated:
- First patch set for v8.4 was proposed.
- Tom Lane gave us various items to be improved.
- I had a presentation at PGCon 2008 Ottawa.
* Prior phase
- First proposal of PGACE security framework, but I didn't know it was
just after the date of feature freeze in v8.3. So, it was suggested
to wait for v8.4 development cycle. ('07/04/17)
- 8.2.x based SE-PostgreSQL announced. ('07/09/04)
- SE-PostgreSQL package got merged into Fedora Project. ('07/11/08)
- 8.3.x based SE-PostgreSQL announced. ('08/03/08)
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>