| From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Joshua Brindle <method(at)manicmethod(dot)com> |
| Subject: | Re: How to get SE-PostgreSQL acceptable |
| Date: | 2009-01-28 15:31:35 |
| Message-ID: | 49807A57.2090903@kaigai.gr.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>> Even if I implement SE-PostgreSQL as a loadable module, core
>> PostgreSQL has to provide proper hooks in strategic points and
>> facilities to manage security attribute (pg_security system catalog
>> and security_label system column).
>> If you require to implement it without these facilities, I think
>> it is impossible and prefer scraping PGACE and integrate SE- code
>> into core.
>
> I am not in a position to require anything since I am not a committer,
> but I would think that you would need to convince people that the
> facilities which your plugin requires were pretty much the same as the
> facilities that any other future plugin might require - that the
> plugin framework was client-agnostic.
We (as a security folks) know any MAC facility have similar
architecture called as reference monitor, so I believe it is
quite possible to implement them as same basis.
But it is a hard request to take an evidence immediately.
IMO, the framework is purely implementation matter, so it is
not late when the second one appeared.
As I noted to another message, I can accept to integrate limited
functional SE-PostgreSQL without any PGACE.
Thanks,
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2009-01-28 15:38:40 | Re: Hot standby, recovery infra |
| Previous Message | Simon Riggs | 2009-01-28 15:25:49 | Re: Hot standby, recovery infra |