| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Greg Smith <greg(at)2ndquadrant(dot)com> |
| Subject: | Re: SE-PostgreSQL/Lite Review |
| Date: | 2009-12-17 01:06:33 |
| Message-ID: | 4B298419.9020807@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
(2009/12/12 6:27), Robert Treat wrote:
>> One point. I'd like to introduce a use case without row-level granularity.
>>
>> The page.24 in this slide:
>> http://sepgsql.googlecode.com/files/JLS2009-KaiGai-LAPP_SELinux.pdf
>>
>> shows SELinux performs as a logical wall between virtual domains in
>> web-services. Unlike physical database separation, it also allows to
>> share a part of files/tables from multiple virtual hosts, because of
>> its flexibility.
>>
>
> I got the impression that this is doable with current SEPostgres stuff, would
> be nice to see a little more detailed writeup on how to do it. Especially if
> it could be linked to the hosting providors page in the wiki.
Sorry, I missed to reply your message.
It needs to set up apache and selinux support module (mod_selinux.so)
correctly. This wiki article introduce the way to set up per virtualhost
separation using SELinux.
http://code.google.com/p/sepgsql/wiki/Apache_SELinux_plus?wl=en#Per_virtual-host_separation
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2009-12-17 04:20:57 | Re: Largeobject Access Controls (r2460) |
| Previous Message | Andrew Gierth | 2009-12-17 01:01:03 | Re: Does "verbose" Need to be Reserved? |