Re: Adding support for SE-Linux security

From: Magnus Hagander <magnus(at)hagander(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 09:31:45
Message-ID: 9837222c0912110131w6f53687dj16f5843398186ed3@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Fri, Dec 11, 2009 at 05:45, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>>> My guess is that a credible SEPostgres offering will require a long-term
>>> amount of work at least equal to, and very possibly a good deal more
>>> than, what it took to make a native Windows port.
>
>> The SEPostgres community is surely a lot smaller than the Windows
>> community, but I'm not sure whether the effort estimate is accurate or
>> not.  If "credible" includes "row-level security", then I think I
>> might agree, but right now we're just trying to get off the ground.
>
> It's been perfectly clear since day one, and was reiterated as recently
> as today
> http://archives.postgresql.org/message-id/4B21757E.7090806@2ndquadrant.com
> that what the security community wants is row-level security.  The

If that is true, then shouldn't we have an implementation of row level
security *first*, and then an implementation of selinux hooks that
work with this row level security feature? Rather than first doing
selinux hooks, then row level security, which will likely need new
and/or changed hooks...

I'm not convinced that row level security is actually that necessary
(though it's a nice feature, with or without selinux), but if it is,
it seems we are approaching the problem from the wrong direction.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2009-12-11 13:56:02 Re: Adding support for SE-Linux security
Previous Message KaiGai Kohei 2009-12-11 09:18:12 Re: SE-PostgreSQL/Lite Review