Re: Adding support for SE-Linux security

From: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
To: Bruce Momjian <bruce(at)momjian(dot)us>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Magnus Hagander <magnus(at)hagander(dot)net>, Stephen Frost <sfrost(at)snowman(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>, Josh Berkus <josh(at)agliodbs(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-10 00:28:04
Message-ID: 4B204094.7090908@ak.jp.nec.com
Lists: pgsql-hackers

Bruce Momjian wrote:
> Robert Haas wrote:
>> On Wed, Dec 9, 2009 at 1:44 AM, Magnus Hagander <magnus(at)hagander(dot)net> wrote:
>>> 2009/12/9 Bruce Momjian <bruce(at)momjian(dot)us>:
>>>> I frankly think the patch should be thought of as the SE-Linux-specific
>>>> directory files, which KaiGai can maintain, and the other parts, which I
>>>> think I can handle.
>>> I think that's a horribly bad idea.
>> Me, too. The ECPG comparison is apt, except that this code is far
>> more deeply integrated into core. The idea that the SE-Linux
>> directory files can be maintained separately from the "other parts"
>> does not seem realistic to me. The problems that are going to occur
>> here are things like: somebody wants to rearrange some part of the
>> permissions checking for some reason. So they move a bunch of code
>> around and break SE-PostgreSQL. Someone has to review that patch and
>> understand the danger it causes. That's going to require
>> understanding both the SE-PostgreSQL-specific files and the other
>> parts, and the relationship between the two of them.
>
> We did something similar for Win32 because it was the only way to do it.
> We don't have the luxury of educating our developers on SE-Linux API for
> a while --- there is the ideal world, and there is reality. What this
> means is that SE-Linux would break when permissions changes happen, and
> the SE-Linux folks will have to come in and clean things up later.
>
> If you want to avoid all good reasons for this feature and are looking
> for reasons why this patch is a bad idea, I am sure you can find them.
>

Right, I (and my employer) offer development and maintenance resources
for the feature. If I am busy in future days, it means I'm devotedly
working on this feature. When we need to change the permission mechanism in
the future, we can provide our efforts not to break them.

--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
