Re: Spoofing as the postmaster

Joshua D. Drake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sat, 29 Dec 2007 14:40:29 -0500 (EST)
> Greg Smith <gsmith(at)gregsmith(dot)com> wrote:
>
>> On Sat, 29 Dec 2007, Joshua D. Drake wrote:
>>
>>> http://code.google.com/p/sepgsql/
>>> ???
>> Getting that to work required some obtrusive changes to the source
>> code, which they've only done to 8.2.4. Even that doesn't seem to be
>> production-quality and it's not clear how that will make its way into
>> newer versions yet.
>
> "they've" has the potential to be "we"... As I recall the individual
> made a reasonable effort to introduce the work that he was doing to the
> community.
>
> http://archives.postgresql.org/pgsql-hackers/2007-03/msg00271.php
> http://archives.postgresql.org/pgsql-hackers/2007-04/msg00664.php

If my memory is correct, the alpha implementation was announced after
the feature freeze date of 8.3.
# Sorry for my lacking of understanding for PostgreSQL development processes.

Therefore, Tom suggested this kind of discussion should be restarted
after the release of 8.3. I also agreed it.

>> But unless
>> there's somebody else with a burning need to work on this area I
>> doubt that will happen--there's nothing about SELinux that anybody
>> does just for fun.
>
> Ya think? :P
>
> I recognize that this "SE PGSQL" has the potential to be a portability
> nightmare (as it only works on linux) but it certainly has potential to
> give us a leg up on a lot of work.

Yes, it works only on Linux.
I added --enable-selinux build option into the configure script.
It prevent to enable SE-PostgreSQL feature on any other plathomes.

> Anyway, not saying its good code but I did read the docs and it sure
> looks cool.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>