Re: Adding support for SE-Linux security

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 14:20:58
Message-ID: 603c8f070912110620l7ae51781m461a573c7e43dde1@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Fri, Dec 11, 2009 at 4:31 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> On Fri, Dec 11, 2009 at 05:45, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>>> On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>>> My guess is that a credible SEPostgres offering will require a long-term
>>>> amount of work at least equal to, and very possibly a good deal more
>>>> than, what it took to make a native Windows port.
>>
>>> The SEPostgres community is surely a lot smaller than the Windows
>>> community, but I'm not sure whether the effort estimate is accurate or
>>> not.  If "credible" includes "row-level security", then I think I
>>> might agree, but right now we're just trying to get off the ground.
>>
>> It's been perfectly clear since day one, and was reiterated as recently
>> as today
>> http://archives.postgresql.org/message-id/4B21757E.7090806@2ndquadrant.com
>> that what the security community wants is row-level security.  The
>
> If that is true, then shouldn't we have an implementation of row level
> security *first*, and then an implementation of selinux hooks that
> work with this row level security feature? Rather than first doing
> selinux hooks, then row level security, which will likely need new
> and/or changed hooks...
>
> I'm not convinced that row level security is actually that necessary
> (though it's a nice feature, with or without selinux), but if it is,
> it seems we are approaching the problem from the wrong direction.

I don't think there's a correct ordering to SE-PostgreSQL and
row-level security. They're better together, but I don't think either
has to be done first. If we were going to pick one to do first, I'd
pick SE-PostgreSQL. Row-level security is going to be a @$#! of a
project if we want it done right (and we do).

...Robert

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Bernd Helmle 2009-12-11 14:22:03 Re: [PATCH] dtrace probes for memory manager
Previous Message Stephen Frost 2009-12-11 14:20:14 Re: SE-PostgreSQL/Lite Review