From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
---|---|
To: | Greg Smith <gsmith(at)gregsmith(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Spoofing as the postmaster |
Date: | 2008-01-07 09:03:11 |
Message-ID: | 4781EACF.6080406@ak.jp.nec.com |
Lists: | pgsql-hackers |

Greg Smith wrote:
> On Sat, 29 Dec 2007, Joshua D. Drake wrote:
>
>> http://code.google.com/p/sepgsql/
>> ???
>
> Getting that to work required some obtrusive changes to the source code,
> which they've only done to 8.2.4. Even that doesn't seem to be
> production-quality and it's not clear how that will make its way into
> newer versions yet.

Sorry for my late response.
I don't dispute your opinion about its quality issue.
We indeed need more feedback and improvements from widespread viewpoints.

The current status of SE-PostgreSQL is a bit incorrect.
The latest one is sepostgresql-8.2.5-1.66.fc9, based on 8.2.5.
See http://download.fedora.redhat.com/pub/fedora/linux/development/

Currently, we are making efforts to port SE-PostgreSQL features
into 8.3.x based PostgreSQL.
(To be correct, it is based on 8.3beta based PostgreSQL.)

> The job here is to work on the SELinux policies for PostgreSQL. You
> can't just re-use whatever work has gone into the SE-PostgreSQL ones,
> because those presume you're using their modified server instead of the
> regular one.

Yes, SE-PostgreSQL requires the regular one to be stopped when it works.
We cannot use both of them at the same time.

However, the default security policy is designed as if it works
like the regular one without any special SELinux configuration.
If you can find any bug or unclear behavior, I want you to report it.

> I started collecting notes and writing a PostgreSQL/SELinux how-to aimed
> at RHEL 5.0+ but I'm not doing work in that area anymore.

I'm interested in this effort.
Could you tell me the URL?

Thanks,

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>