Thread: SELinux users - Please consider testing SELinux/SEPostgreSQL patches

SELinux users - Please consider testing SELinux/SEPostgreSQL patches

From: Craig Ringer
Date:
Hi all

Anybody here who has particular interest in or skill with SELinux is invited (begged?) to help test KaiGai Kohei's patches for enhancing PostgreSQL's SELinux/SEPostgreSQL support. These changes are proposed for 9.3, but have had relatively little interest from patch reviewers and are in danger of slipping to a later release without somebody interested in the area stepping up.

The patches are:


Add a new event type of object_access_hook named OAT_POST_ALTER. This allows extensions to catch controls just after system catalogs are updated. Patch also adds sepgsql permission check capability on some ALTER commands, but not all.
https://commitfest.postgresql.org/action/patch_view?id=1003

This patch adds sepgsql support for permission checks equivalent
to the existing SCHEMA USE privilege:
https://commitfest.postgresql.org/action/patch_view?id=1065

This patch adds sepgsql support for permission checks almost
equivalent to the existing FUNCTION EXECUTE privilege:
https://commitfest.postgresql.org/action/patch_view?id=1066

This patch adds to sepgsql the feature of name-qualified creation labels:
https://commitfest.postgresql.org/action/patch_view?id=1064

If you're interested in SELinux, please glance at the discussion linked to in those patch entries, then grab a patch and try it out as per the reviewer guidelines:

http://wiki.postgresql.org/wiki/Reviewing_a_Patch


-- 
Craig Ringer                   http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services

Re: SELinux users - Please consider testing SELinux/SEPostgreSQL patches

From: Craig Ringer
Date:
On 01/21/2013 03:47 PM, Craig Ringer wrote:
> Hi all
>
> Anybody here who has particular interest in or skill with SELinux is invited (begged?) to help test KaiGai Kohei's patches for enhancing PostgreSQL's SELinux/SEPostgreSQL support. These changes are proposed for 9.3, but have had relatively little interest from patch reviewers and are in danger of slipping to a later release without somebody interested in the area stepping up.

There's been no response or review for the SEPostgreSQL patches, and they're now looking likely to slip until after 9.3. If you care about SELinux support in PostgreSQL, raise your hand.

-- 
Craig Ringer                   http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
