Re: Adding support for SE-Linux security

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-07 18:00:20
Message-ID: 200912071800.nB7I0KB01863@momjian.us
Lists: pgsql-hackers

Robert Haas wrote:
> > Agreed. SE-Linux support might expand our user base and give us
> > additional credibility, or it might be a feature that few people use ---
> > and I don't think anyone knows the outcome.
> >
> > I wonder if we should rephrase this as, "How hard will this feature be
> > to add, and how hard will it be to remove in a few years if we decide we
> > don't want it?" SE-Linux support would certainly put Postgres in a
> > unique security category, and it builds on our existing good security
> > reputation.
>
> Yes, I think that's the right way to think about it. At a guess, it's
> two man-months of work to get it in, and ripping it out is likely
> technically fairly simple but will probably be politically impossible.

I figure if there is sufficient usage, we will not need to remove it,
and if there isn't, we will have no objections to removing it.

> > but I am not advocating AppArmor support. I think the whole issue is
> > whether support for external integrated security systems is appropriate
> > for Postgres.
>
> It's not something I've run into a need for in my own work, but I
> think there are definitely people out there who do need it, and I'd
> like to see us be able to support it. One of the things that I think
> would be worth looking into is whether there is a way to make this
> pluggable, so that selinux and apparmor and trusted solaris and so on
> could make use of the same framework, but that requires understanding
> all of them well enough to design a framework that can meet all of
> those needs. Every framework effort we've seen from KaiGai so far has
> seemed extremely SE-Linux-specific and therefore pointless. But
> really doing this right is a big development project, and not
> something I can do in my free time.

As Alvaro mentioned, the original patch used ACE but it added too much
code so the community requested its removal from the patch. It could be
re-added if we have a need.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
