| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | jd(at)commandprompt(dot)com |
| Cc: | David Fetter <david(at)fetter(dot)org>, Bruce Momjian <bruce(at)momjian(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SE-PgSQL patch review |
| Date: | 2009-12-01 19:46:27 |
| Message-ID: | 6133.1259696787@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Joshua D. Drake" <jd(at)commandprompt(dot)com> writes:
> On Mon, 2009-11-30 at 20:28 -0800, David Fetter wrote:
>> This is totally separate from the really important question of whether
>> SE-Linux has a future, and another about whether, if SE-Linux has a
>> future, PostgreSQL needs to go there.
> Why would we think that it doesn't?
Have you noticed anyone except Red Hat taking it seriously?
I work for Red Hat and have drunk a reasonable amount of the SELinux
koolaid, but I can't help observing that it's had very limited uptake
outside Red Hat. It's not clear that there are many people who find
it a cost-effective solution to their problems. As for the number of
people prepared to write custom policy for it --- which would be
required to use it effectively for almost any PG application ---
I could probably hold a house party for all of them and not break a
sweat serving drinks.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2009-12-01 19:51:08 | Re: Block-level CRC checks |
| Previous Message | Greg Stark | 2009-12-01 19:41:57 | Re: Block-level CRC checks |