Postgres Pro
Downloads
Home   >   mailing lists

Re: SE-PgSQL patch review - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: SE-PgSQL patch review
Date
Msg-id 4B172013.4040100@ak.jp.nec.com
Whole thread Raw
In response to Re: SE-PgSQL patch review  (Ron Mayer <rm_pg@cheapcomplexdevices.com>)
List pgsql-hackers
Tree view 
Ron Mayer wrote:
> Joshua D. Drake wrote:
>> On Tue, 2009-12-01 at 14:46 -0500, Tom Lane wrote:
>>> "Joshua D. Drake" <jd@commandprompt.com> writes:
>>>> On Mon, 2009-11-30 at 20:28 -0800, David Fetter wrote:
>>>>> This is totally separate from the really important question of whether
>>>>> SE-Linux has a future, and another about whether, if SE-Linux has a
>>>>> future, PostgreSQL needs to go there.
>>>> Why would we think that it doesn't?
>>> Have you noticed anyone except Red Hat taking it seriously?
>> I just did a little research and it appears the other two big names in
>> this world (Novel and Ubuntu) are using something called App Armor.
> 
> How much of SE-PgSQL would also complement the App Armor framework?
> 
> Also, yet another MAC system called Tomoyo from NTT was merged into
> the linux kernel earlier this year.
> 
> Is SE-PgSQL orthogonal and/or complimentary to all of those?
> 
> Since I see MAC features continuing to be added to operating
> systems, I can certainly imagine they're important to some
> customers.

Yes, nowadays, Linux has three MAC options: Linux, Smack and Tomoyo.
And AppArmor is now under discussion to merge it.

*In the current state*, our security hooks invoke SE-PgSQL routines
directly, unlike LSM framework in Linux, because it is the first
option for us, and no need to support multiple options now.
(It will simply increase the size of changeset in this stage.)

However, when the second option comes in, we can easily enhance the
security hooks to support multiple MAC framework.
The Smack also needs security label. It will be able to share facilities
to manage security context with SE-PgSQL.

I've often talked with developers of TOMOYO Linux. They currently give
higher priority to upstream all their functionalities into Linux.
But it also may be a valueable theme for them.
At least, I don't think it requires much different hook points more
than SELinux support.

AppArmor's access control model is similar to TOMOYO.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: set the cost of an aggregate function
Next
From: Jon Erdman
Date:
Subject: Proposing new logline_prefix escape...