Re: Adding support for SE-Linux security - Mailing list pgsql-hackers

From Robert Haas
Subject Re: Adding support for SE-Linux security
Date
Msg-id 603c8f070912042030wfd5d4bck3a8ae4a37cc90735@mail.gmail.com
Whole thread Raw
In response to Re: Adding support for SE-Linux security  (Josh Berkus <josh@agliodbs.com>)
Responses Re: Adding support for SE-Linux security
Re: Adding support for SE-Linux security
List pgsql-hackers
On Thu, Dec 3, 2009 at 5:23 PM, Josh Berkus <josh@agliodbs.com> wrote:
>
>> In words of one syllable: I do not care at all whether the NSA would use
>> Postgres, if they're not willing to come and help us build it.
>
> There's several 2-syllable words there.  ;-)
>
>  If we
>> tried to build it without their input, we'd probably not produce what
>> they want anyway.
>
> Yeah, the *complete* lack of input/help from the security community
> aside from the occasional "SE Linux good" posts we've gotten is
> troubling.  We could end up with a SQL-J.
>
> Kaigai, you've said that you could get SELinux folks involved in the
> patch review.  I think it's past time that they were; please solicit them.

Actually, we tried that already, in a previous iteration of this
discussion.  Someone actually materialized and commented on a few
things.  The problem, as I remember it, was that they didn't know much
about PostgreSQL, so we didn't get very far with it.  Unfortunately, I
can't find the relevant email thread at the moment.

In fact, we've tried about everything with these patches.  Tom
reviewed them, Bruce reviewed them, Peter reviewed them, I reviewed
them, Stephen Frost reviewed them, Heikki took at least a brief look
at them, and I think there were a few other people, too.  The first
person who I can recall being relatively happy with any version of
this patch was Stephen Frost, commenting on the access control
framework that we suggested KaiGai try to separate from the main body
of the patch to break it into more managable chunks.  That patch was
summarily rejected by Tom for what I believe were valid reasons.  In
other words, in 18 months of trying we've yet to see something that is
close to being committable.  Contrast that with Hot Standby, which
Heikki made a real shot at committing during the first CommitFest to
which it was submitted.

I think David Fetter summarized it pretty well here - the rest of the
thread is worth reading, too.

http://archives.postgresql.org/pgsql-hackers/2009-07/msg01159.php

I think the only chance of this ever getting committed is if a
committer volunteers to take ownership of it, similar to what Heikki
has done for Hot Standby and Streaming Replication.  Right now, we
don't have any volunteers, and even if Tom or Heikki were interested,
I suspect it would occupy their entire attention for several
CommitFests just as HS and SR have done for Heikki.  I suspect the
amount of work for SE-PostgreSQL might even be larger than for HS.  If
we DON'T have a committer who is willing to own this, then I don't
think there's a choice other than giving up.

...Robert


pgsql-hackers by date:

Previous
From: Greg Smith
Date:
Subject: Clearing global statistics
Next
From: Bruce Momjian
Date:
Subject: Re: Adding support for SE-Linux security