Re: Adding support for SE-Linux security

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, KaiGai Kohhookei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 20:28:12
Message-ID: 20091211202812.GD17756@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

* Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> OK, it's clear that I've handled this badly. Sorry. My fear (however
> unjustified) was that someone would go and rewrite the patch based on
> an opinion that I express whether they agree with it or not.

That's always going to be a risk in an open-discussion environment.
Additionally, that's exactly what happened to me last go round- KaiGai
rewrote the patch based on my ideas and suggestions, and the result was
summarairly tossed out by Tom. Did it suck? Yes, heavily, and it
frustrated me to the point that I specifically asked to not be the
reviewer for SEPG during the next commitfest. At the same time,
what KaiGai or others spend time on is up to them (and/or their
employers).

I sincerely hope that even if you suggest an approach down the road
unrelated to this on some other patch you're reviewing, and then you see
the results and say "whoah, that's horrible, and should never be
committed", that you understand none of us would want you to commit it.
Sharing your ideas or putting out suggestions isn't a commitment on your
part that you'll commit the results when someone else rights it. Heck,
I bet you've been down that road on your own projects and come to the
realization at the end of "err, bad idea" and not committed it.

Allow me to say, my apologies, I feel like I may have over-reacted a bit
for my part as well.

> So with that said, the idea I had was to try to pass around
> pre-existing data structures related to the objects on which access
> control decisions are being made, rather than Oids.

That thought had crossed my mind as well, but I wasn't convinced that
would actually be seen as a signifigantly different API to just having
the arguments passed inline... Then again, using structures does
allow you to add to them without having to modify the function
definitions, and would allow David's suggestion of using function
pointers to work, which we do in some other specific cases. I guess I'm
curious if we (PG) have any particular feeling one way or the other
about function pointers; I just don't recall seeing them used terribly
often and would worry about that they might be passively discouraged?

> It does have a bit of a rock management feel to it and I
> really want to see if we can find a way to break that cycle.

Agreed. It's been a point of frustration for me, but I've been trying
to work with it so long as we at least get some constructive critisim
back (Tom's review of the patch I reviewed fell into the "questionable"
category for me on that call, which is what really frustrated me the
most about it). A cyclic approach is typical in all software
development, it's when information stops flowing about why something
doesn't meet expectations or requirments that progress breaks down.

Thanks!

Stephen

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Nikolas Everett 2009-12-11 20:43:59 Re: 8.4.1 ubuntu karmic slow createdb
Previous Message Tom Lane 2009-12-11 20:27:47 Re: random() in multi-threaded pgbench