(2010/08/16 23:40), Robert Haas wrote:
> 2010/8/16 KaiGai Kohei<kaigai@ak.jp.nec.com>:
>> Although nobody paid an attention, it seems to me a problem to be fixed.
>>
>> The attached patch fixes the problem using a simple idea which adds
>> process_shared_preload_libraries() at PostgresMain() when we launched
>> it in single-user mode.
>
> I have no confidence at all that this is a sane thing to do. I think
> any enhanced security provider that needs system objects to be
> labelled should provide a script to label them after the fact. You
> can't count on everyone who wants to use SE-PostgreSQL having made
> that decision at initdb time. I think we want to keep single-user
> mode as lean and mean as possible, so that people can rely on it when
> they need to fix their broken database.
>
I also agree it is nonsense to make access control decision during
initdb phase, but it is not the reason why I want to fix this problem.
I plan to provide a script that assigns initial security label after
the initdb, but before launching postmaster. This script tries to execute
postgres in single-user mode, then labels database objects according to
the system setting. But the sepgsql module is not loaded currently.
I want to kick this job in single-user mode, not normal processing mode,
because we can simplify several stuffs. For example, we don't need to
check whether the user has privilege to assign initial labels, because
it is obvious people who launch initdb has superpower on whole of the
database. In addition, we don't need to consider a possibility that
someone create a new database object during initial labeling.
So, I'd like to fix the problem.
Thanks,
--
KaiGai Kohei <kaigai@ak.jp.nec.com>
