Am Donnerstag, 26. Juni 2008 schrieb KaiGai Kohei:
> The following patch set (r926) are updated one toward the latest CVS head,
> and contains some fixes in security policy and documentation.
OK, I have quickly read through these patches. They look very nice, so I am
optimistic we can get through this.
First of all, now would be a good time if someone out there really wants to
object to this feature in general. It will probably always be a niche
feature. But all the code is hidden behind ifdefs or other constructs that a
compiler can easily hide away (or we can make it so, at least).
Here is a presentation from PGCon on SE-PostgreSQL:
http://www.pgcon.org/2008/schedule/events/77.en.html
Are there any comments yet from the (Trusted)Solaris people that wanted to
evaluate this approach for compatibility with their approach?
In general, are we OK with the syntax CONTEXT = '...'? I would rather see
something like SECURITY CONTEXT '...'. There are a lot of contexts, after
all.
This will also add a system column called security_context. I think that is
OK.
In the pg_dump patch:
spelling mistake "tuen on/off"
Evil coding style: if (strcmp(SELINUX_SYSATTR_NAME, security_sysattr_name)) --
compare the result with 0 please.
The above code appears to assume that security_sysattr_name never changes, but
then why do we need a GUC parameter to show it?
Might want to change the option name --enable-selinux to something
like --security-context.
In general, we might want to not name things selinux_* but instead
sepostgresql_* or security_* or security_context_*. Or maybe PGACE?
On the default policy:
Should this really be a contrib module? Considering that it would be a core
feature that is not really usable without a policy.
Please change all the sepgsql_* things to sepostgresql_*, considering that you
are using both already, so we shouldn't have both forms of names.
Documentation:
Looks good for a start, but we will probably want to write more later.