Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)

From: Aidan Van Dyk <aidan(at)highrise(dot)ca>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, josh(at)agliodbs(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)
Date: 2008-09-24 13:29:22
Message-ID: 20080924132922.GP3071@yugib.highrise.ca
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* Robert Haas <robertmhaas(at)gmail(dot)com> [080924 00:15]:

> But I do think
> it's worthwhile to ask whether it makes sense to introduce a bunch of
> features that are only usable to people running SELinux.

Actually, I'ld go one stroke farther, and ask:
Does it make sense to introduce a bunch of features that are only
usable to people *able to write proper SELinux policy sets* (or whatever
they are called).

> it's very easy to imagine
> people wanting that feature, but NOT being willing to run SELinux to
> get it.

Or, being more generous even, able to *run* SELinux, but not able to
create a proper coherent set of SELinux policies... SELinux is
"standard" now on most RHEL installs (and FC, and now debian, etc), but
how many admins have actually "made" (or even just altered) a SELinux
policy, and how many have just disabled it because it prevented what
they thought should be a valid operation?

I'm sure NSA can do both of these, but I would hazard that the number of
other people able to do this well can probably be counted on my
fingers...

a.
--
Aidan Van Dyk Create like a god,
aidan(at)highrise(dot)ca command like a king,
http://www.highrise.ca/ work like a slave.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2008-09-24 13:35:33 Re: [HACKERS] 0x1A in control file on Windows
Previous Message Andrew Dunstan 2008-09-24 13:27:32 Re: [HACKERS] 0x1A in control file on Windows