Re: security labels on databases are bad for dump & restore - Mailing list pgsql-hackers
| From | Ted Toth |
|---|---|
| Subject | Re: security labels on databases are bad for dump & restore |
| Date | |
| Msg-id | CAFPpqQEw4qL+RQfH__vvy5cJ1hqzipQNTQKqV8hudsyKzJWRcQ@mail.gmail.com Whole thread Raw |
| In response to | Re: security labels on databases are bad for dump & restore (Kouhei Kaigai <kaigai@ak.jp.nec.com>) |
| Responses |
Re: security labels on databases are bad for dump &
restore
|
| List | pgsql-hackers |
That doesn't answer my question. I'm talking about a client and server running on the same system with SELinux MLS policy so that getpeercon will return the context of the client process unless it has explicitly sets the socket create context . So again will postgresql if the sepgsql module is loaded call a function in sepgsql to compute the access vector for the source (getpeercon label) contexts access to the target context (tables context set by SECURITY LABEL) and fail the operation generating an AVC if access is denied because there is no policy? On Tue, Jul 14, 2015 at 8:35 PM, Kouhei Kaigai <kaigai@ak.jp.nec.com> wrote: >> So if I label a table with an SELinux context and the type of my >> client connection does not have policy to be able to access the table >> type will an AVC be generated and the access denied? >> > Of course, it depends on the policy of the system. > > If client connection come from none-SELinux system, use netlabelctl > to configure default fallback security context. It gives getpeercon(3) > the client label shall be applied when netlabel is not configured on > the connection. > > Thanks, > -- > NEC Business Creation Division / PG-Strom Project > KaiGai Kohei <kaigai@ak.jp.nec.com> > > >> -----Original Message----- >> From: pgsql-hackers-owner@postgresql.org >> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of Ted Toth >> Sent: Wednesday, July 15, 2015 2:59 AM >> To: Kohei KaiGai >> Cc: Robert Haas; Adam Brightwell; Andres Freund; pgsql-hackers@postgresql.org; >> Alvaro Herrera >> Subject: Re: [HACKERS] security labels on databases are bad for dump & restore >> >> So if I label a table with an SELinux context and the type of my >> client connection does not have policy to be able to access the table >> type will an AVC be generated and the access denied? >> >> Ted >> >> On Tue, Jul 14, 2015 at 12:53 PM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote: >> > 2015-07-15 2:39 GMT+09:00 Ted Toth <txtoth@gmail.com>: >> >> That's exactly what I'm talking about like I said KaiGais branch was >> >> never merged into the mainline so I do not believe that it is used at >> >> all. >> >> >> > It depends on the definition of "integrated". >> > The PostgreSQL core offers an infrastructure for label based security >> > mechanism, not only selinux. Also, one extension module that is >> > usually distributed with PosgreSQL bridges the world of database and >> > the world of selinux (even though all the features I initially designed >> > are not yet implemented). I like to say it is integrated. >> > >> >> On Tue, Jul 14, 2015 at 12:28 PM, Robert Haas <robertmhaas@gmail.com> wrote: >> >>> On Tue, Jul 14, 2015 at 1:22 PM, Ted Toth <txtoth@gmail.com> wrote: >> >>>> I'm sort of new to this so maybe I'm missing something but since the >> >>>> sepgsql SELinux userspace object manager was never integrated into >> >>>> postgresql (AFAIK KaiGais branch was never merged into the mainline) >> >>>> who uses these labels? What use are they? >> >>> >> >>> See contrib/sepgsql >> >>> >> >>> -- >> >>> Robert Haas >> >>> EnterpriseDB: http://www.enterprisedb.com >> >>> The Enterprise PostgreSQL Company >> > >> > >> > >> > -- >> > KaiGai Kohei <kaigai@kaigai.gr.jp> >> >> >> -- >> Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) >> To make changes to your subscription: >> http://www.postgresql.org/mailpref/pgsql-hackers
pgsql-hackers by date: