* Dimitri Fontaine (dimi...@2ndquadrant.fr) wrote:
> Tom Lane <t...@sss.pgh.pa.us> writes:
> > Yes, exactly. What's more, you're going to face huge push-back from
> > vendors who are concerned about security (which is most of them).
>
> Last time I talked with vendors, they were working in the Open Shift
> team at Red Hat, and they actually asked me to offer them the ability
> you're refusing, to let them enable a better security model.
>
> The way they use cgroups and SELinux means that they want to be able to
> load shared binaries from system user places.

As I've pointed out before, I'd really like to hear exactly how these individuals are using SELinux and why they feel this is an acceptable approach. The only use-case that this model fits is where you don't have *any* access control in the database itself and everyone might as well be a superuser. Then, sure, SELinux can prevent your personal PG environment from destroying the others on the system in much the same way that a chroot can help there, but most folks who are looking at MAC would view *any* database as an independent object system which needs to *hook into* an SELinux or similar.

In other words, I really don't think we should be encouraging this approach and certainly not without more understanding of what they're doing here. Perhaps they have a use-case for it, but it might be better done through 'adminpack' or something similar than what we support in core.

Thanks,

Stephen