[PATCH] SE-PostgreSQL for v8.5 development (r1769) - Mailing list pgsql-hackers

The following list of patches are the initial revision of SE-PostgreSQL
on the v8.5 development cycle.
These are separated into several functional components to help review
and commit in earlier phase. Every patches (except for the core) have
abour 1KL scales. It is far smaller than them in a year ago. :-)
 http://sepgsql.googlecode.com/files/sepgsql-01-sysatt-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-02-core-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-03-writable-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-04-rowlevel-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-05-perms-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-06-utils-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-07-tests-8.4devel-r1769.patch
http://sepgsql.googlecode.com/files/sepgsql-08-docs-8.4devel-r1769.patch

Needless to say, it is now designed on 8.4devel tree, so anyone who want
to build/install SE-PostgreSQL can apply these patches by hand.
I'll also update and fix them with the progress of v8.4 development.
Before you apply them, please confirm whether they are the latest, or not.

Bruice,
| KaiGai-san, the only option I can offer is perhaps to list a URL for
| your SE-PostgreSQL patch to be applied by people who want to use SE-PG.

Does it mean I need to submit a patch to add an introduction under doc/ ?
If so, I'll submit it as soon as possible.

Thanks,


01) Security system attribute support   scale: 38 files changed, 853 insertions(+), 1 deletion(-), 113 modifications(!)
Thispatch adds a new system catalog "pg_security" and enables to store security identifier associated to a text
representationwithin padding area of HeapTupleHeader, as object identifier doing. It is a foundation of any other
facilities.

02) Core facilities of SE-PostgreSQL   scale: 55 files changed, 3588 insertions(+), 10 deletions(-), 736
modifications(!)This patch adds a mandatory access control feature collaborating with SELinux in table, column,
procedurelevel granurality. Most of this patch is same as I proposed in the v8.4 development cycle, except for it is
designedon the basis of security system attribute support.
 

03) Writable system column support   scale: 7 files changed, 298 insertions(+), 199 modifications(!) This patch enables
usersto update/insert on system columns ("security_label" and "security_acl") with explicit values. This feature is
necessaryto provide a user interface for row-level access controls.
 

04) Row-level access controls support   scale: 31 files changed, 1101 insertions(+), 231 modifications(!) This patch
enablesto apply mandatory/discretionary access control in row-level granularity also.
 

05) Advanced permission checks support   scale: 18 files changed, 858 insertions(+), 3 deletions(-), 43
modifications(!)This patch add some of advanced permission checks:  - file:{read write} on server side filesystem
accesses - db_procedure:{install} on user defined functions as system internal ones  - db_database:{load_module
install_module}on binary shared library files In the v8.4 development, these are suggested to separate from the core.
 

06) Security options in utilities   scale: 4 files changed, 95 insertions(+), 116 modifications(!) This patch adds
optionson utilities  - "--enable-selinux" option for initdb  - "--security-label" option for pg_dump and pg_dumpall
 

07) Testcases of SE-PostgreSQL   scale: 18 files changed, 1819 insertions(+), 2 modifications(!) This patch adds
testcasesfor SE-PostgreSQL.
 

08) Documentation of SE-PostgreSQL   scale: 16 files changed, 1595 insertions(+), 42 modifications(!) This patch adds
documentationsfor SE-PostgreSQL
 

0X) Upcoming patches The following patches are upcoming now. * Reclaim of unused entries in pg_security   I have a plan
toimplement it based on the idea from Robert Haas in:
http://archives.postgresql.org/message-id/603c8f070901281818u3e1fa70brd28e1bfac7adfea9@mail.gmail.com
 * System audit integration with SE-PostgreSQL   Linux has system audit stuff which is used by in-kernel SELinux and
itsuserspace facilities can output audit messages here.   Now SE-PostgreSQL writes out audit messages into PostgreSQL
logs,  but it is more desirable to write it on system audit.
 

-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>