[0/4] Proposal of SE-PostgreSQL patches - Mailing list pgsql-patches
From | Kohei KaiGai |
---|---|
Subject | [0/4] Proposal of SE-PostgreSQL patches |
Date | |
Msg-id | 47DDF2C4.6010404@ak.jp.nec.com Whole thread Raw |
Responses |
[1/4] Proposal of SE-PostgreSQL patches
(Kohei KaiGai <kaigai@ak.jp.nec.com>)
[2/4] Proposal of SE-PostgreSQL patches (Kohei KaiGai <kaigai@ak.jp.nec.com>) Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches (Alvaro Herrera <alvherre@commandprompt.com>) Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches (KaiGai Kohei <kaigai@kaigai.gr.jp>) Re: [HACKERS] [0/4] Proposal of SE-PostgreSQL patches (Josh Berkus <josh@agliodbs.com>) |
List | pgsql-patches |
The series of patches are the proposal of Security-Enhanced PostgreSQL (SE-PostgreSQL) for the upstreamed PostgreSQL 8.4 development cycle. [1/4] sepostgresql-pgace-8.4devel-3.patch provides PGACE (PostgreSQL Access Control Extension) framework [2/4] sepostgresql-sepgsql-8.4devel-3.patch provides SE-PostgreSQL feature, based on PGACE framework. [3/4] sepostgresql-pg_dump-8.4devel-3.patch enables pg_dump to dump database with security attribute. [4/4] sepostgresql-policy-8.4devel-3.patch provides the default security policy for SE-PostgreSQL. We can provide a quick overview of SE-PostgreSQL at: http://code.google.com/p/sepgsql/wiki/WhatIsSEPostgreSQL Any comment and suggestion are welcome. Thanks, ENVIRONMENT ----------- Please confirm your environment. The followings are requriements of SE-PostgreSQL. * Fedora 8 or later system * SELinux is enabled and working * kernel-2.6.24 or later * selinux-policy and selinux-policy-devel v3.0.8 or later * libselinux, policycoreutils INSTALLATION ------------ $ tar jxvf postgresql-snapshot.tar.bz2 $ cd postgresql-snapshot $ patch -p1 < ../sepostgresql-pgace-8.4devel-3.patch $ patch -p1 < ../sepostgresql-sepgsql-8.4devel-3.patch $ patch -p1 < ../sepostgresql-pg_dump-8.4devel-3.patch $ patch -p1 < ../sepostgresql-policy-8.4devel-3.patch $ ./configure --enable-selinux $ make $ make -C contrib/sepgsql-policy $ su # make install # /usr/sbin/semodule -i contrib/sepgsql-policy/sepostgresql.pp (NOTE: semodule is a utility to load/unload security policy modules.) # /sbin/restorecon -R /usr/local/pgsql (NOTE: restorecon is a utilicy to initialize security context of files.) SETUP ----- # mkdir -p /opt/sepgsql # chown foo_user:var_group /opt/sepgsql # chcon -t postgresql_db_t /opt/sepgsql (NOTE: chcon is a utility to set up security context of files.) # exit $ /usr/sbin/run_init /usr/local/pgsql/bin/initdb -D /opt/sepgsql (NOTE: run_init is a utility to start a program, as if it is branched from init script.) $ /usr/local/pgsql/bin/pg_ctl -D /opt/sepgsql start -- OSS Platform Development Division, NEC KaiGai Kohei <kaigai@ak.jp.nec.com>
pgsql-patches by date: