| From: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, Joshua Brindle <method(at)manicmethod(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: How to get SE-PostgreSQL acceptable |
| Date: | 2009-01-31 00:28:31 |
| Message-ID: | 49839B2F.4060008@kaigai.gr.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Andrew Dunstan wrote:
>
>
> Josh Berkus wrote:
>> Joshua, Kohei-san,
>>
>> So, for 8.4: *if* we included in 8.4 a version of SEPostgres with all
>> features *except* row-level security, would it still be useful to the
>> SELinux community?
>>
>> I think we're just not going to work out the headache-inducing issues
>> around row-level security in time for 8.4, and it seems to me that
>> integrated system-level security labels at the table-and-column level
>> are still very useful, even without row-level security.
>
> Hasn't a plan for this already been posted? See
> http://archives.postgresql.org/pgsql-hackers/2009-01/msg02407.php
FYI:
* previous full-functional SE-PostgreSQL/Row-ACLs
[kaigai(at)fedora10 security]$ wc -l *.c */*.c
729 pgaceCommon.c
1547 pgaceHooks.c
721 rowacl/rowacl.c
1200 sepgsql/avc.c
623 sepgsql/core.c
1019 sepgsql/hooks.c
785 sepgsql/permissions.c
1097 sepgsql/proxy.c
7721 total
* A lite SE-PostgreSQL without row-level security,
large object support, writable system column
[kaigai(at)fedora10 sepgsql]$ wc -l *.c
904 checker.c
1181 avc.c
360 core.c
55 dummy.c
683 hooks.c
478 label.c
553 perms.c
4214 total
Today, I'll debug the modified code...
--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2009-01-31 01:28:24 | Re: How to get SE-PostgreSQL acceptable |
| Previous Message | KaiGai Kohei | 2009-01-31 00:20:05 | Re: How to get SE-PostgreSQL acceptable |