| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov> |
| Cc: | Greg Smith <greg(at)2ndquadrant(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Josh Berkus <josh(at)agliodbs(dot)com>, jd(at)commandprompt(dot)com, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Adding support for SE-Linux security |
| Date: | 2009-12-08 15:19:37 |
| Message-ID: | 603c8f070912080719x5a90a6c1g3dddc6e681d73655@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, Dec 8, 2009 at 10:07 AM, David P. Quigley <dpquigl(at)tycho(dot)nsa(dot)gov> wrote:
> I'd be willing to take a look at the framework and see if it really is
> SELinux centric. If it is we can figure out if there is a way to
> accomodate something like SMACK and FMAC. I'd like to hear from someone
> with more extensive experience with Solaris Trusted Extensions about how
> TX would make use of this. I have a feeling it would be similar to the
> way it deals with NFS which is by having the process exist in the global
> zone as a privileged process and then multi-plexes it to the remaining
> zones. That way their getpeercon would get a label derived from the
> zone.
Well, the old patches should still be available in the mailing list
archives. Maybe going back and looking at that code would be a good
place to start. The non-ripped-out code has been cleaned up a lot
since then, but at least it's a place to start.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kevin Grittner | 2009-12-08 15:23:11 | Re: tsearch parser inefficiency if text includes urls or emails - new version |
| Previous Message | Alvaro Herrera | 2009-12-08 15:15:51 | Re: A sniffer for the buffer |