| From: | Greg Smith <gsmith(at)gregsmith(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Spoofing as the postmaster |
| Date: | 2007-12-29 19:40:29 |
| Message-ID: | Pine.GSO.4.64.0712291425460.28100@westnet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sat, 29 Dec 2007, Joshua D. Drake wrote:
> http://code.google.com/p/sepgsql/
> ???
Getting that to work required some obtrusive changes to the source code,
which they've only done to 8.2.4. Even that doesn't seem to be
production-quality and it's not clear how that will make its way into
newer versions yet.
The job here is to work on the SELinux policies for PostgreSQL. You can't
just re-use whatever work has gone into the SE-PostgreSQL ones, because
those presume you're using their modified server instead of the regular
one.
I started collecting notes and writing a PostgreSQL/SELinux how-to aimed
at RHEL 5.0+ but I'm not doing work in that area anymore. On reflection I
might just release what I did so far to the developer's wiki and see if
anybody else fills in the missing pieces. But unless there's somebody
else with a burning need to work on this area I doubt that will
happen--there's nothing about SELinux that anybody does just for fun.
--
* Greg Smith gsmith(at)gregsmith(dot)com http://www.gregsmith.com Baltimore, MD
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Joshua D. Drake | 2007-12-29 20:15:28 | Re: Spoofing as the postmaster |
| Previous Message | Tom Lane | 2007-12-29 19:20:31 | Re: Spoofing as the postmaster |