Re: Adding support for SE-Linux security

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Stephen Frost <sfrost(at)snowman(dot)net>, Bruce Momjian <bruce(at)momjian(dot)us>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-16 02:56:02
Message-ID: 4B284C42.6070606@ak.jp.nec.com
Lists: pgsql-hackers

(2009/12/16 0:03), Robert Haas wrote:
> But these patches are, unfortunately, not technically excellent.
> There have been multiple reviews of these patches that have produced
> extensive laundry lists of items to be fixed. In the ordinary course
> of events, that leads to one of two things happening: either the patch
> author fixes most or all the problems and comes back with a patch that
> shows marked improvement, or he or she gives up. This patch is unique
> in my experience in that it has gone through - I believe - six
> CommitFests now without either of those things happening. Not that
> there hasn't been any improvement, but the ratio of reviewing-work to
> improvement seems to be much higher than what is typical for us. Like
> Stephen, I believe we need some additional resources who can improve
> that ratio before we can really make a push to get this done.

I had a talk with Stephen off list to clarify what I was wondering about.
It became apparent that I had misunderstood the meaning of "cleanup first".
IIUC, he suggested consolidating the permission checks scattered across several places
(such as createdb()) into the same place, to make them more suitable for the upcoming
framework, but the default PG checks would still be inlined, not consolidated into
backend/security/*.

He was also concerned that our earlier approach raised a higher hurdle for
joining development, because it tried to deliver a useful feature even though
a lot of features were separated out, so the past patch had to touch both the core
routines and the selinux-specific code.

So, I agreed with his opinion that we should restart from a pure cleanup
of the existing PG checks to make them more suitable for the upcoming security
framework. The scope of this effort stays 100% in the pgsql world. I don't
think it is an incorrect approach now.

Actually, similar things were suggested to me at the beginning of CF#3 by
Itagaki-san, but at that time it was unclear whether we should go through the smaller
SE-PgSQL patch first or the security framework first.

I'll submit a small conceptual patch soon, as a draft.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
