Re: Spoofing as the postmaster

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Greg Smith <gsmith(at)gregsmith(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Spoofing as the postmaster
Date: 2008-01-07 09:03:11
Message-ID: 4781EACF.6080406@ak.jp.nec.com
Lists: pgsql-hackers

Greg Smith wrote:
> On Sat, 29 Dec 2007, Joshua D. Drake wrote:
>
>> http://code.google.com/p/sepgsql/
>> ???
>
> Getting that to work required some obtrusive changes to the source code,
> which they've only done to 8.2.4. Even that doesn't seem to be
> production-quality and it's not clear how that will make its way into
> newer versions yet.

Sorry for my late response.

I don't argue with your opinion about its quality issue.
We indeed need more feedback and improvements from widespread viewpoints.

The current status of SE-PostgreSQL is a bit incorrect.
The latest one is sepostgresql-8.2.5-1.66.fc9, based on 8.2.5.
See, http://download.fedora.redhat.com/pub/fedora/linux/development/

Currently, we are making efforts to port SE-PostgreSQL features
into 8.3.x based PostgreSQL.
(To be correct, it is based on 8.3beta based PostgreSQL.)

> The job here is to work on the SELinux policies for PostgreSQL. You
> can't just re-use whatever work has gone into the SE-PostgreSQL ones,
> because those presume you're using their modified server instead of the
> regular one.

Yes, SE-PostgreSQL requires stopping the regular one when it works.
We cannot use both of them at the same time.

However, the default security policy is designed as if it works
like the regular one without any special SELinux configuration.
If you can find any bug or unclear behavior, I want you to report it.

> I started collecting notes and writing a PostgreSQL/SELinux how-to aimed
> at RHEL 5.0+ but I'm not doing work in that area anymore.

I'm interested in this effort.
Could you tell me the URL?

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
