Re: [PATCH] SE-PgSQL/tiny rev.2193

From: KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org, Joshua Brindle <method(at)manicmethod(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Martijn van Oosterhout <kleptog(at)svana(dot)org>, Robert Haas <robertmhaas(at)gmail(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Subject: Re: [PATCH] SE-PgSQL/tiny rev.2193
Date: 2009-07-20 19:57:30
Message-ID: 4A64CC2A.1060400@kaigai.gr.jp
Lists: pgsql-hackers

Peter Eisentraut wrote:
> On Monday 20 July 2009 21:05:38 Joshua Brindle wrote:
>> How many people are you looking for? Is there a number or are you waiting
>> for a good feeling?
>
> In my mind, the number of interested people is relatively uninteresting, as
> long as it is greater than, say, three.
>
> What is lacking here is a written specification.
>
> When it comes to larger features, this development group has a great deal of
> experience in implementing existing specifications, even relatively terrible
> ones like SQL or ODBC or Oracle compatibility. But the expected behavior has
> to be written down somewhere, endorsed by someone with authority. It can't
> just be someone's idea. Especially for features that are so complex,
> esoteric, invasive, and critical for security and performance.
>
> So I think if you want to get anywhere with this, scrap the code, and start
> writing a specification. One with references. And then let's consider that
> one.

At least, what is important is that SE-PgSQL performs with its security model
correctly, not how it is implemented. In fact, I have modified its implementation
and separated some of the non-primary features several times.
As I said before, its implementation is flexible as far as it can implement
SELinux's security model correctly.

If the PostgreSQL community requires its design specifications from the viewpoints
of developers, I don't have any reason not to provide it.

One question is what items should be described in the specifications?
I already provide a reference including a list of object classes and permissions.
http://wiki.postgresql.org/wiki/SEPostgreSQL_References

I guess you would like to see when/where/how SE-PgSQL checks what permissions,
what criteria should be used to make its decision, and so on.

--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
