Re: SE-PgSQL patch review

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Bruce Momjian <bruce(at)momjian(dot)us>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: SE-PgSQL patch review
Date: 2009-12-02 01:53:14
Message-ID: 4B15C88A.9010807@ak.jp.nec.com
Lists: pgsql-hackers

Tom Lane wrote:
> "Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
>> On Mon, 2009-11-30 at 20:28 -0800, David Fetter wrote:
>>> This is totally separate from the really important question of whether
>>> SE-Linux has a future, and another about whether, if SE-Linux has a
>>> future, PostgreSQL needs to go there.
>
>> Why would we think that it doesn't?
>
> Have you noticed anyone except Red Hat taking it seriously?
>
> I work for Red Hat and have drunk a reasonable amount of the SELinux
> koolaid, but I can't help observing that it's had very limited uptake
> outside Red Hat. It's not clear that there are many people who find
> it a cost-effective solution to their problems. As for the number of
> people prepared to write custom policy for it --- which would be
> required to use it effectively for almost any PG application ---
> I could probably hold a house party for all of them and not break a
> sweat serving drinks.

If you are concerned that SELinux support may not drive explosive growth
in the number of PostgreSQL users, that is correct. It focuses on the
people who are concerned about system security, including the RDBMS.
It is indeed a niche. All the people do not store their classified
information within databases. But it is also a fact that there are certain
demands, not limited to existing SELinux and PostgreSQL users.
(Is "synergetic effect" a correct English expression?)

Now PostgreSQL has various kinds of optional features. I think these are
not always valuable for all people, but they are valuable for users who
enabled the features. SELinux support is not a special case.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
