Re: Adding support for SE-Linux security - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Adding support for SE-Linux security
Date
Msg-id 200912071800.nB7I0KB01863@momjian.us
In response to Re: Adding support for SE-Linux security  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: Adding support for SE-Linux security  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: Adding support for SE-Linux security  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
Robert Haas wrote:
> > Agreed.  SE-Linux support might expand our user base and give us
> > additional credibility, or it might be a feature that few people use ---
> > and I don't think anyone knows the outcome.
> >
> > I wonder if we should rephrase this as, "How hard will this feature be
> > to add, and how hard will it be to remove in a few years if we decide we
> > don't want it?"  SE-Linux support would certainly put Postgres in a
> > unique security category, and it builds on our existing good security
> > reputation.
> 
> Yes, I think that's the right way to think about it.  At a guess, it's
> two man-months of work to get it in, and ripping it out is likely
> technically fairly simple but will probably be politically impossible.

I figure if there is sufficient usage, we will not need to remove it,
and if there isn't, we will have no objections to removing it.

> > but I am not advocating AppArmor support.  I think the whole issue is
> > whether support for external integrated security systems is appropriate
> > for Postgres.
> 
> It's not something I've run into a need for in my own work, but I
> think there are definitely people out there who do need it, and I'd
> like to see us be able to support it.  One of the things that I think
> would be worth looking into is whether there is a way to make this
> pluggable, so that selinux and apparmor and trusted solaris and so on
> could make use of the same framework, but that requires understanding
> all of them well enough to design a framework that can meet all of
> those needs.  Every framework effort we've seen from KaiGai so far has
> seemed extremely SE-Linux-specific and therefore pointless.  But
> really doing this right is a big development project, and not
> something I can do in my free time.

As Alvaro mentioned, the original patch used ACE but it added too much
code so the community requested its removal from the patch.  It could be
re-added if we have a need.

--  Bruce Momjian  <bruce@momjian.us>        http://momjian.us EnterpriseDB
http://enterprisedb.com
 + If your life is a hard drive, Christ can be your backup. +

