Re: Adding support for SE-Linux security - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Adding support for SE-Linux security
Msg-id 200912050514.nB55E2B10554@momjian.us
In response to Re: Adding support for SE-Linux security  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: Adding support for SE-Linux security
List pgsql-hackers
Robert Haas wrote:
> Actually, we tried that already, in a previous iteration of this
> discussion.  Someone actually materialized and commented on a few
> things.  The problem, as I remember it, was that they didn't know much
> about PostgreSQL, so we didn't get very far with it.  Unfortunately, I
> can't find the relevant email thread at the moment.
> 
> In fact, we've tried about everything with these patches.  Tom
> reviewed them, Bruce reviewed them, Peter reviewed them, I reviewed
> them, Stephen Frost reviewed them, Heikki took at least a brief look
> at them, and I think there were a few other people, too.  The first
> person who I can recall being relatively happy with any version of
> this patch was Stephen Frost, commenting on the access control
> framework that we suggested KaiGai try to separate from the main body
> of the patch to break it into more manageable chunks.  That patch was
> summarily rejected by Tom for what I believe were valid reasons.  In
> other words, in 18 months of trying we've yet to see something that is
> close to being committable.  Contrast that with Hot Standby, which
> Heikki made a real shot at committing during the first CommitFest to
> which it was submitted.
> 
> I think David Fetter summarized it pretty well here - the rest of the
> thread is worth reading, too.
> 
> http://archives.postgresql.org/pgsql-hackers/2009-07/msg01159.php
> 
> I think the only chance of this ever getting committed is if a
> committer volunteers to take ownership of it, similar to what Heikki
> has done for Hot Standby and Streaming Replication.  Right now, we
> don't have any volunteers, and even if Tom or Heikki were interested,
> I suspect it would occupy their entire attention for several
> CommitFests just as HS and SR have done for Heikki.  I suspect the
> amount of work for SE-PostgreSQL might even be larger than for HS.  If
> we DON'T have a committer who is willing to own this, then I don't
> think there's a choice other than giving up.

I offered to review it.  I was going to mostly review the parts that
impacted our existing code, and I wasn't going to be able to do a
thorough job of the SE-Linux-specific files.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +

