[0/4] Proposal of SE-PostgreSQL patches - Mailing list pgsql-patches

From Kohei KaiGai
Subject [0/4] Proposal of SE-PostgreSQL patches
Date
Msg-id 47DDF2C4.6010404@ak.jp.nec.com
Responses [1/4] Proposal of SE-PostgreSQL patches  (Kohei KaiGai <kaigai@ak.jp.nec.com>)
[2/4] Proposal of SE-PostgreSQL patches  (Kohei KaiGai <kaigai@ak.jp.nec.com>)
Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches  (Alvaro Herrera <alvherre@commandprompt.com>)
Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches  (KaiGai Kohei <kaigai@kaigai.gr.jp>)
Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches  (Josh Berkus <josh@agliodbs.com>)
List pgsql-patches
This series of patches is the proposal of Security-Enhanced PostgreSQL
(SE-PostgreSQL) for the upstream PostgreSQL 8.4 development cycle.

 [1/4] sepostgresql-pgace-8.4devel-3.patch
         provides PGACE (PostgreSQL Access Control Extension) framework
 [2/4] sepostgresql-sepgsql-8.4devel-3.patch
         provides SE-PostgreSQL feature, based on PGACE framework.
 [3/4] sepostgresql-pg_dump-8.4devel-3.patch
         enables pg_dump to dump database with security attribute.
 [4/4] sepostgresql-policy-8.4devel-3.patch
         provides the default security policy for SE-PostgreSQL.

We can provide a quick overview of SE-PostgreSQL at:
    http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL

Any comments and suggestions are welcome.
Thanks,


ENVIRONMENT
-----------
Please confirm your environment.
The following are requirements of SE-PostgreSQL.
 * Fedora 8 or later system
 * SELinux is enabled and working
 * kernel-2.6.24 or later
 * selinux-policy and selinux-policy-devel v3.0.8 or later
 * libselinux, policycoreutils

INSTALLATION
------------
$ tar jxvf postgresql-snapshot.tar.bz2
$ cd postgresql-snapshot
$ patch -p1 < ../sepostgresql-pgace-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-sepgsql-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-pg_dump-8.4devel-3.patch
$ patch -p1 < ../sepostgresql-policy-8.4devel-3.patch

$ ./configure --enable-selinux
$ make
$ make -C contrib/sepgsql-policy
$ su
# make install

# /usr/sbin/semodule -i contrib/sepgsql-policy/sepostgresql.pp
  (NOTE: semodule is a utility to load/unload security policy modules.)

# /sbin/restorecon -R /usr/local/pgsql
  (NOTE: restorecon is a utility to initialize security context of files.)

SETUP
-----
# mkdir -p /opt/sepgsql
# chown foo_user:var_group /opt/sepgsql
# chcon -t postgresql_db_t /opt/sepgsql
  (NOTE: chcon is a utility to set up security context of files.)
# exit

$ /usr/sbin/run_init /usr/local/pgsql/bin/initdb -D /opt/sepgsql
  (NOTE: run_init is a utility to start a program, as if it is branched from init script.)
$ /usr/local/pgsql/bin/pg_ctl -D /opt/sepgsql start

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>
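
The ENVIRONMENT requirements and the SETUP labelling step in the message above can be checked before running initdb. The following script is an added example, not part of the original message or of the SE-PostgreSQL patches; its function names are hypothetical, and `preflight` assumes an RPM-based host with `selinuxenabled` and GNU `stat` available.

```shell
#!/bin/sh
# Added example (not part of the original message): preflight checks for the
# ENVIRONMENT and SETUP sections. All function names are hypothetical.

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    a=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')   # drop a "-50.fc8" style suffix
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# context_type CTX: print the type field of user:role:type[:level].
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# check_values KERNEL POLICY_VERSION DATADIR_CONTEXT: print each unmet
# requirement and return the number of failures (0 means all met).
check_values() {
    fails=0
    version_ge "$1" 2.6.24 || { echo "kernel $1 is older than 2.6.24"; fails=$((fails + 1)); }
    version_ge "$2" 3.0.8  || { echo "selinux-policy $2 is older than 3.0.8"; fails=$((fails + 1)); }
    [ "$(context_type "$3")" = postgresql_db_t ] ||
        { echo "data directory type is '$(context_type "$3")', expected postgresql_db_t"; fails=$((fails + 1)); }
    return "$fails"
}

# preflight DATADIR: gather live values on the target host and check them.
preflight() {
    selinuxenabled || { echo "SELinux is not enabled"; return 1; }
    check_values "$(uname -r)" \
                 "$(rpm -q --qf '%{VERSION}' selinux-policy)" \
                 "$(stat -c %C "$1")"
}

# Constructed sample values, so the example runs on any host:
check_values 2.6.24.3-50.fc8 3.0.8 system_u:object_r:postgresql_db_t:s0 &&
    echo "sample host meets the requirements"
```

On the target host, `preflight /opt/sepgsql` runs the same checks against the live kernel, policy package and data directory label.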
