Re: 8.4 release planning

Joshua Brindle wrote:
> Stephen Frost wrote:
>> * Joshua Brindle (method(at)manicmethod(dot)com) wrote:
>>> They are separate. If you look at the patches you'll see a pgace
>>> part, this is where the core interfaces to the security backends, and
>>> you'll see a rowacl backend and an sepgsql backend.
>>
>> Right, guess it wasn't clear to me that the PGACE bits for row-level
>> access control could be used independently of SELinux (and maybe even on
>> systems that don't have SELinux..?).
>>
>
> Sure, if you look at pgaceHooks.c you'll see:

It is basically possible to implement something like "PostgreSQL
Label Security" on PGACE framework.
But I don't want to discuss it now, because it surely burst
SE-PostgreSQL until v8.4 beta.

If desired, I'll queue it my todo list next to SE-PostgreSQL...

> bool
> pgaceExecScan(Scan *scan, Relation rel, TupleTableSlot *slot)
> {
> /* Hardwired DAC checks */
> if (!rowaclExecScan(scan, rel, slot))
> return false;
>
> switch (pgace_feature)
> {
> #ifdef HAVE_SELINUX
> case PGACE_FEATURE_SELINUX:
> if (sepgsqlIsEnabled())
> return sepgsqlExecScan(scan, rel, slot);
> break;
> #endif
> default:
> break;
> }
> return true;
> }
>
> Notice the rowacl call outside of the HAVE_SELINUX ifdefs

FYI:
In the earlier version, these are mutually exclusive, so we could
not apply SE-PostgreSQL, when a binary is built with RowAcl feature.

However, Bruce Momjian suggested it is not proper manner in
PostgreSQL, because it intend to wrap all available features
into a single binary due to packaging benefit, and all the
available options should be configured by runtime.

In addition, IIRC, Peter E suggested it is not symmetrical
that we cannot apply both of DAC and MAC on tuples simultaneously,
although SE-PostgreSQL applies MAC on tables/columns which
PostgreSQL has DAC features on.
So, I add a support simultaneous DAC&MAC.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>