From: | Aidan Van Dyk <aidan(at)highrise(dot)ca> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, josh(at)agliodbs(dot)com, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) |
Date: | 2008-09-24 13:29:22 |
Message-ID: | 20080924132922.GP3071@yugib.highrise.ca |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Robert Haas <robertmhaas(at)gmail(dot)com> [080924 00:15]:
> But I do think
> it's worthwhile to ask whether it makes sense to introduce a bunch of
> features that are only usable to people running SELinux.
Actually, I'ld go one stroke farther, and ask:
Does it make sense to introduce a bunch of features that are only
usable to people *able to write proper SELinux policy sets* (or whatever
they are called).
> it's very easy to imagine
> people wanting that feature, but NOT being willing to run SELinux to
> get it.
Or, being more generous even, able to *run* SELinux, but not able to
create a proper coherent set of SELinux policies... SELinux is
"standard" now on most RHEL installs (and FC, and now debian, etc), but
how many admins have actually "made" (or even just altered) a SELinux
policy, and how many have just disabled it because it prevented what
they thought should be a valid operation?
I'm sure NSA can do both of these, but I would hazard that the number of
other people able to do this well can probably be counted on my
fingers...
a.
--
Aidan Van Dyk Create like a god,
aidan(at)highrise(dot)ca command like a king,
http://www.highrise.ca/ work like a slave.
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2008-09-24 13:35:33 | Re: [HACKERS] 0x1A in control file on Windows |
Previous Message | Andrew Dunstan | 2008-09-24 13:27:32 | Re: [HACKERS] 0x1A in control file on Windows |