Re: Adding support for SE-Linux security

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Bruce Momjian <bruce(at)momjian(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-08 21:42:25
Message-ID: 603c8f070912081342h22453d7cge531cf8d6ff4279a@mail.gmail.com
Lists: pgsql-hackers

On Tue, Dec 8, 2009 at 3:24 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>> One of the major and fundamental stumbling blocks we've run into is
>> that every solution we've looked at so far seems to involve adding
>> SE-Linux-specific checks in many places in the code.
>
> I've really got to take exception to this.  I've only been following
> along and not really participating because, to be honest, I'm frustrated
> with how this has gone down.  In the end there were at least two
> patches, in my view, that *didn't* involve adding SE-Linux-specific
> checks everywhere.  The patch that I reviewed that got thrown out by
> Tom, and the original PGACE framework.  Both of those added a lot of
> *hooks*, because they were necessary, but nothing made those hooks
> particularly "SELinux-specific".  We're hearing a lot about things being
> SELinux-specific from people who also profess to not know SELinux.

Sorry. I spent a lot of time for both CommitFest 2008-11 and
CommitFest 2009-07 in the hopes of getting something committable, and
I wasn't successful. I'm just at the end of my rope. It seems fairly
clear that Tom isn't going to commit any piece of SE-PostgreSQL at
all, ever. So who's going to do it? It doesn't make any sense to
continue trucking along with this patch into the indefinite future if
it has no hope of being committed.

Frankly, I think this comes down to money. There are several
PostgreSQL companies which employ very capable PostgreSQL committers.
When someone is willing to pony up enough money to get those people
interested (as, I gather, has happened with block-checksumming) then
this will happen. Until then, I don't believe anyone is going to
volunteer to be responsible for a 10,000-line patch in their free
time. Tom is the only one crazy enough for that, and he said no.

The next time someone submits a huge, unsolicited patch to do
ANYTHING, we should do them a favor and tell them this up front,
rather than a year and a half later. Then they could have the
appropriate conversations with the appropriate people and determine
whether to budget for it or give up. What has happened with this
patch has not served KaiGai well, or improved the image of this
community.

> I agree that's frustrating, but I don't see it as a
> particular reason to throw out the entire concept of a modular security
> framework.

I don't either. There were certainly technical things in the previous
patch that could stand to have been improved, and I think the general
approach has some potential.

...Robert
