| From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
|---|---|
| To: | "Robert Haas" <robertmhaas(at)gmail(dot)com>, "Bruce Momjian" <bruce(at)momjian(dot)us> |
| Cc: | "Josh Berkus" <josh(at)agliodbs(dot)com>, "KaiGai Kohei" <kaigai(at)ak(dot)jp(dot)nec(dot)com>,<jd(at)commandprompt(dot)com>, "David Fetter" <david(at)fetter(dot)org>, "KaiGai Kohei" <kaigai(at)kaigai(dot)gr(dot)jp>, "Itagaki Takahiro" <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, <pgsql-hackers(at)postgresql(dot)org>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Subject: | Re: Adding support for SE-Linux security |
| Date: | 2009-12-07 15:48:31 |
| Message-ID: | 4B1CCF6F020000250002D11E@gw.wicourts.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> wrote:
>> Personally, I think AppArmor is a saner security system:
>>
>>
http://www.novell.com/linux/security/apparmor/selinux_comparison.html
> Agreed.
> I'd like to see us be able to support it. One of the things that
> I think would be worth looking into is whether there is a way to
> make this pluggable, so that selinux and apparmor and trusted
> solaris and so on could make use of the same framework
Given the extreme patience and diligence exhibited by KaiGai, I
hesitate to say this, but it seems to me that this would be
critically important for the long term success of this feature. I
have no idea how much work it would be to make the interface to the
external security system pluggable, but if it's at all feasible, I
think it should be done.
-Kevin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2009-12-07 15:49:12 | Re: cvs chapters in our docs |
| Previous Message | Tom Lane | 2009-12-07 15:47:51 | Re: cvs chapters in our docs |