| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | Sam Mason <sam(at)samason(dot)me(dot)uk>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SE-PostgreSQL Specifications |
| Date: | 2009-07-26 12:17:15 |
| Message-ID: | 4A6C494B.3040304@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
KaiGai Kohei wrote:
>
> The SELinux provides a certain process privilege to make backups and
> restore them. In the (currect) default policy, it is called "unconfined".
>
> However, it is also *possible* to define a new special process privilege
> for backup and restore tools. For example, it can access all the databse
> objects and can make backups, but any other process cannot touch the
> backup files. It means that DBA can launch a backup tool and it creates
> a black-boxed file, then he cal also lauch a restore tool to restore
> the black-boxed backup, but he cannot see the contents of the backup.
> (It might be a similar idea of "sudo" mechanism.)
>
>
Really? How you enforce this black box rule for a backup made across the
network? From the server's POV there is no such thing as a backup. All
it sees is a set of SQL statements all of which it might see in some
other context.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Pavel Stehule | 2009-07-26 13:29:27 | Re: Patch for 8.5, transformationHook |
| Previous Message | Sam Mason | 2009-07-26 11:35:41 | Re: SE-PostgreSQL Specifications |