(2009/12/16 0:03), Robert Haas wrote:
> But these patches are, unfortunately, not technically excellent.
> There have been multiple reviews of these patches that have produced
> extensive laundry lists of items to be fixed. In the ordinary course
> of events, that leads to one of two things happen
On Mon, Dec 14, 2009 at 10:21 PM, Stephen Frost wrote:
> Bruce,
>
> * Bruce Momjian (br...@momjian.us) wrote:
>> You are fine. I was just saying that at a time I was one of the few
>> loud voices on this, and if this is going to happen, it will be because
>> we have a team that wants to do this,
Bruce,
* Bruce Momjian (br...@momjian.us) wrote:
> You are fine. I was just saying that at a time I was one of the few
> loud voices on this, and if this is going to happen, it will be because
> we have a team that wants to do this, not because I am being loud. I
> see the team forming nicely.
Stephen Frost wrote:
> * Bruce Momjian (br...@momjian.us) wrote:
> > I am not replying to many of these emails so I don't appear to be
> > brow-beating (forcing) the community into accepting this feature. I
> > might be brow-beating the community, but I don't want to _appear_ to be
> > brow-beati
* Bruce Momjian (br...@momjian.us) wrote:
> I am not replying to many of these emails so I don't appear to be
> brow-beating (forcing) the community into accepting this feature. I
> might be brow-beating the community, but I don't want to _appear_ to be
> brow-beating. ;-)
My apologies if I com
* Stephen Frost (sfr...@snowman.net) wrote:
> * Tom Lane (t...@sss.pgh.pa.us) wrote:
> > I assume he's talking about the object reference representation used in
> > pg_depend, which is actually class OID + object OID + sub-object ID.
> > The only object type that has sub-objects at the moment is ta
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> Robert Haas writes:
> > What exactly do you mean by a SubOID? I'm not really following that part.
>
> I assume he's talking about the object reference representation used in
> pg_depend, which is actually class OID + object OID + sub-object ID.
> The only
* Robert Haas (robertmh...@gmail.com) wrote:
> > Allow me to assist- y is never in a structure once you're out of the
> > parser:
>
> Well this is why you're writing the patch and not me. :-)
Sure, just trying to explain why your suggestion isn't quite the
direction that probably makes the most
Bruce Momjian wrote:
> Well, the bottom line is that this effort should grow the development
> and user community of Postgres --- if it doesn't, it is a failure.
Really? Even if it only allows existing Postgres users and companies to
expand their use into higher security applications IMHO it's a
Ron Mayer wrote:
> Bruce Momjian wrote:
> > Well, the bottom line is that this effort should grow the development
> > and user community of Postgres --- if it doesn't, it is a failure.
>
> Really? Even if it only allows existing Postgres users and companies to
> expand their use into higher secur
On Fri, Dec 11, 2009 at 8:41 PM, Bruce Momjian wrote:
> I am not replying to many of these emails so I don't appear to be
> brow-beating (forcing) the community into accepting this feature. I
> might be brow-beating the community, but I don't want to _appear_ to be
> brow-beating. ;-)
LOL. At
Tom Lane wrote:
> Robert Haas writes:
> > Unlike Tom (I think), I do believe that there is demand (possibly only
> > from a limited number of people, but demand all the same) for this
> > feature.
>
> Please note that I do not think there is *zero* demand for the feature.
> There is obviously som
Robert Haas wrote:
On Fri, Dec 11, 2009 at 4:26 PM, Stephen Frost wrote:
Hrm, I thought I had given a specific example. Didn't do a good job of
it, apparently. Let me try to be a bit more clear:
ALTER TABLE x OWNER TO y;
If given the table OID, there's a ton of information we can then pull
Robert Haas writes:
> What exactly do you mean by a SubOID? I'm not really following that part.
I assume he's talking about the object reference representation used in
pg_depend, which is actually class OID + object OID + sub-object ID.
The only object type that has sub-objects at the moment is
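Tom's description above (class OID + object OID + sub-object ID) can be checked directly against the catalog. What follows is an added example, not code from the thread or from the SE-PostgreSQL patches: the table, the view and their names are constructed for illustration, while the column names used on pg_depend (classid, objid, objsubid, refclassid, refobjid, refobjsubid) are the stock catalog layout.

```sql
-- Added example (not from the thread): how pg_depend encodes an object
-- reference as class OID + object OID + sub-object ID.
-- The table and view below are constructed for the demonstration.
CREATE TABLE sepg_demo (id int PRIMARY KEY, secret text);
CREATE VIEW sepg_demo_v AS SELECT id FROM sepg_demo;

-- There is no separate "column" class in the catalog.  A dependency on
-- a single column of sepg_demo is recorded as
--   refclassid  = pg_class          (the table's class)
--   refobjid    = OID of sepg_demo  (the table itself)
--   refobjsubid = attnum of the column (0 would mean the whole relation)
-- Expected referrers here: the view's rewrite rule (pg_rewrite) and the
-- primary-key constraint (pg_constraint), both pointing at column 1, "id".
SELECT d.classid::regclass    AS dependent_class,   -- e.g. pg_rewrite, pg_constraint
       d.refclassid::regclass AS referenced_class,  -- pg_class
       d.refobjid::regclass   AS referenced_object, -- sepg_demo
       d.refobjsubid          AS sub_object_id,     -- attnum, 1 = "id"
       a.attname,
       d.deptype
FROM   pg_depend d
JOIN   pg_attribute a
       ON a.attrelid = d.refobjid
      AND a.attnum   = d.refobjsubid
WHERE  d.refclassid  = 'pg_class'::regclass
AND    d.refobjid    = 'sepg_demo'::regclass
AND    d.refobjsubid <> 0;          -- only column-level references

-- For comparison, drop the last predicate: rows with refobjsubid = 0 are
-- dependencies on the relation as a whole (for example the table's rowtype
-- in pg_type), not on any particular column.
```

Two things worth noticing for the hook discussion elsewhere in this thread. First, the same triple already distinguishes a column from its table, so a security hook handed (class, object, sub-object) can name a column without a new object class. Second, the triple says nothing about a second object involved in a command: for ALTER TABLE x OWNER TO y, the role y appears nowhere in x's catalog entries, which is the point Stephen makes about what introspection on the table OID cannot recover.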
On Fri, Dec 11, 2009 at 5:36 PM, Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
>> On Fri, Dec 11, 2009 at 4:26 PM, Stephen Frost wrote:
>> > Does that help clarify my example case?
>>
>> That case doesn't seem terribly problematic to me. It seems clear
>> that we'll want to
I just did a round of integrating some of the big-picture feedback that
has shown up here since the meeting into
http://wiki.postgresql.org/wiki/SEPostgreSQL_Review_at_the_BWPUG ,
mainly supplementing the references in the "Works outside of SELinux"
section with the new suggested reading here s
Stephen Frost wrote:
I agree with this- one issue is, unfortunately, an overabundance from
KaiGai of "code-writing man-power". This is an odd situation for this
community, in general, so we're having a hard time coming to grasp with
it.
There are plenty of parallels to when Zdenek was writing a
* Robert Haas (robertmh...@gmail.com) wrote:
> On Fri, Dec 11, 2009 at 4:26 PM, Stephen Frost wrote:
> > Does that help clarify my example case?
>
> That case doesn't seem terribly problematic to me. It seems clear
> that we'll want to pass some information about both x and y. What is
> less cl
* Robert Haas (robertmh...@gmail.com) wrote:
> If I don't tell
> you how to write the patch, you can't accuse me of moving the
> goalposts (of course I've now discovered the pitfalls of that approach
> as well...).
Indeed, we also yell and scream when we don't know which direction the
goalposts ar
On Fri, Dec 11, 2009 at 4:26 PM, Stephen Frost wrote:
> Hrm, I thought I had given a specific example. Didn't do a good job of
> it, apparently. Let me try to be a bit more clear:
>
> ALTER TABLE x OWNER TO y;
>
> If given the table OID, there's a ton of information we can then pull
> about the
On Fri, Dec 11, 2009 at 3:28 PM, Stephen Frost wrote:
> I sincerely hope that even if you suggest an approach down the road
> unrelated to this on some other patch you're reviewing, and then you see
> the results and say "whoah, that's horrible, and should never be
> committed", that you understan
Stephen (great name!),
* Stephen Smalley (s...@tycho.nsa.gov) wrote:
> Reference:
> http://www.usenix.org/event/sec02/wright.html
> http://lxr.linux.no/#linux+v2.6.32/include/linux/security.h
>
> The XACE framework for the X server is described by:
> http://www.x.org/releases/X11R7.5/doc/security
* Robert Haas (robertmh...@gmail.com) wrote:
> On Fri, Dec 11, 2009 at 2:11 PM, Stephen Frost wrote:
> > Second, the information we *don't* have from above is generally
> > information about what the requesting action is. For example, when
> > changing ownership of an object, we can't possibly us
* Robert Haas (robertmh...@gmail.com) wrote:
> OK, it's clear that I've handled this badly. Sorry. My fear (however
> unjustified) was that someone would go and rewrite the patch based on
> an opinion that I express whether they agree with it or not.
That's always going to be a risk in an open-d
On Fri, 2009-12-11 at 14:11 -0500, Stephen Frost wrote:
> All,
>
> * Robert Haas (robertmh...@gmail.com) wrote:
> > If we design a security abstraction layer, the interfaces need to
> > really be abstraction boundaries. Passing the table OID and then also
> > the tablespace OID because PG DAC nee
On Fri, Dec 11, 2009 at 2:11 PM, Stephen Frost wrote:
> Second, the information we *don't* have from above is generally
> information about what the requesting action is. For example, when
> changing ownership of an object, we can't possibly use introspection to
> find out the role which is on th
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
> Yea I never asked Stephen if he goes by Stephen or Steve when I met him
> on Wednesday. I guess calling him Steve is me being a bit
> presumptuous :)
Oh, either is fine, tho people will probably follow a bit better if you
say "Stephen". As a rem
David,
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
> So the document I read is linked below [1].
Great, thanks again.
[agree with all the rest]
> It is definitely good to have a second opinion on this since I've just
> only started reading the PCI compliance documents. I'm definitely not
On Fri, Dec 11, 2009 at 1:52 PM, Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
>> I actually have an idea how to solve the problem in this particular
>> case, but I'm reluctant to say what it is because I'm not sure if I'm
>> right, and at any rate *I don't want to write this
All,
* Robert Haas (robertmh...@gmail.com) wrote:
> If we design a security abstraction layer, the interfaces need to
> really be abstraction boundaries. Passing the table OID and then also
> the tablespace OID because PG DAC needs that to make its access
> control decision is crap.
Now, to ad
Robert,
* Robert Haas (robertmh...@gmail.com) wrote:
> I actually have an idea how to solve the problem in this particular
> case, but I'm reluctant to say what it is because I'm not sure if I'm
> right, and at any rate *I don't want to write this patch*.
As far as crap goes, I'd have to put th
On Fri, 2009-12-11 at 11:30 -0500, Robert Haas wrote:
[snip...]
>
> I'll stop here because I see that Stephen Frost has just sent an
> insightful email on this topic as well. Hmm, maybe that's the Steve
> you were referring to.
>
> ...Robert
>
Yea I never asked Stephen if he goes by Stephen or
On Fri, 2009-12-11 at 11:16 -0500, Stephen Frost wrote:
> David,
>
> * David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
> > So I downloaded and read through the PCI DSS document (74 pages is
> > pretty light compared to NFSv4.1 hehe...) and there are several areas
> > there where I think strong acc
On Fri, 2009-12-11 at 11:28 -0500, Stephen Frost wrote:
[snip...]
> > The main concern I hear is that people are worried that this is an
> > SELinux specific design. I heard at the meeting on Wednesday that the
> > Trusted Extensions people looked at the framework and said it meets
> > their needs
On Fri, Dec 11, 2009 at 10:07 AM, David P. Quigley
wrote:
> The main concern I hear is that people are worried that this is an
> SELinux specific design. I heard at the meeting on Wednesday that the
> Trusted Extensions people looked at the framework and said it meets
> their needs as well. If tha
* Robert Haas (robertmh...@gmail.com) wrote:
> I'll stop here because I see that Stephen Frost has just sent an
> insightful email on this topic as well. Hmm, maybe that's the Steve
> you were referring to.
I have doubts- but then I don't ever see my comments as insightful for
some reason. ;)
On Fri, Dec 11, 2009 at 10:07 AM, David P. Quigley
wrote:
> On Fri, 2009-12-11 at 09:32 -0500, Robert Haas wrote:
>> 2009/12/11 KaiGai Kohei :
>> > It tried to provide a set of comprehensive entry points to replace existing
>> > PG checks at once.
>> > However, the SE-PgSQL/Lite patch covers acces
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
> On Fri, 2009-12-11 at 09:32 -0500, Robert Haas wrote:
> > I think that we should try to move the PG default checks inside the
> > hook functions. If we can't do that cleanly, it's a good sign that
> > the hook functions are not correctly placed t
David,
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
> So I downloaded and read through the PCI DSS document (74 pages is
> pretty light compared to NFSv4.1 hehe...) and there are several areas
> there where I think strong access controls in the database will not only
> fulfill the requirement
On Fri, 2009-12-11 at 08:56 -0500, Stephen Frost wrote:
[snip...]
> I do assume we're going to do row level security, but I do not feel that
> we need to particularly put one in front of the other. I also feel that
> SEPG will be valuable even without row-level security. One of the
> realms that
Magnus,
* Magnus Hagander (mag...@hagander.net) wrote:
> On Fri, Dec 11, 2009 at 05:45, Tom Lane wrote:
> > It's been perfectly clear since day one, and was reiterated as recently
> > as today
> > http://archives.postgresql.org/message-id/4b21757e.7090...@2ndquadrant.com
> > that what the securit
On Fri, 2009-12-11 at 09:32 -0500, Robert Haas wrote:
> 2009/12/11 KaiGai Kohei :
> > It tried to provide a set of comprehensive entry points to replace existing
> > PG checks at once.
> > However, the SE-PgSQL/Lite patch covers accesses on only database, schema,
> > tables and columns. Is it neces
On Fri, 2009-12-11 at 09:20 -0500, Robert Haas wrote:
> On Fri, Dec 11, 2009 at 4:31 AM, Magnus Hagander wrote:
> > On Fri, Dec 11, 2009 at 05:45, Tom Lane wrote:
> >> Robert Haas writes:
> >>> On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane wrote:
> My guess is that a credible SEPostgres offeri
Stephen Frost wrote:
Tom,
The
proposals to make SEPostgres drive regular SQL permissions never came
out of anyone from that side, they were proposed by PG people looking
for a manageable first step.
I do not believe this to be accurate. Josh, were you able to find any
public documentation
2009/12/11 KaiGai Kohei :
> It tried to provide a set of comprehensive entry points to replace existing
> PG checks at once.
> However, the SE-PgSQL/Lite patch covers accesses on only database, schema,
> tables and columns. Is it necessary to be comprehensive from the beginning?
> It might be too a
On Fri, Dec 11, 2009 at 4:31 AM, Magnus Hagander wrote:
> On Fri, Dec 11, 2009 at 05:45, Tom Lane wrote:
>> Robert Haas writes:
>>> On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane wrote:
My guess is that a credible SEPostgres offering will require a long-term
amount of work at least equal t
Tom,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
> It's been perfectly clear since day one, and was reiterated as recently
> as today
> http://archives.postgresql.org/message-id/4b21757e.7090...@2ndquadrant.com
> that what the security community wants is row-level security.
Yes, they do want row-lev
On Fri, Dec 11, 2009 at 05:45, Tom Lane wrote:
> Robert Haas writes:
>> On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane wrote:
>>> My guess is that a credible SEPostgres offering will require a long-term
>>> amount of work at least equal to, and very possibly a good deal more
>>> than, what it took to
Robert Haas wrote:
> On Thu, Dec 10, 2009 at 11:45 PM, Tom Lane wrote:
>> If you're not prepared to assume that we're going to do row level
>> security, it's not apparent why we should be embarking on this course
>> at all. And if you do assume that, I strongly believe that my effort
>> estimate
On Thu, Dec 10, 2009 at 11:45 PM, Tom Lane wrote:
> If you're not prepared to assume that we're going to do row level
> security, it's not apparent why we should be embarking on this course
> at all. And if you do assume that, I strongly believe that my effort
> estimate above is on the optimisti
Tom Lane wrote:
It's been perfectly clear since day one, and was reiterated as recently
as today
http://archives.postgresql.org/message-id/4b21757e.7090...@2ndquadrant.com
that what the security community wants is row-level security.
I think David Quigley's comments from earlier today summarize
Robert Haas writes:
> On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane wrote:
>> My guess is that a credible SEPostgres offering will require a long-term
>> amount of work at least equal to, and very possibly a good deal more
>> than, what it took to make a native Windows port.
> The SEPostgres communi
David P. Quigley wrote:
> On Thu, 2009-12-10 at 17:08 -0500, Tom Lane wrote:
>> Robert Haas writes:
>>> Unlike Tom (I think), I do believe that there is demand (possibly only
>>> from a limited number of people, but demand all the same) for this
>>> feature.
>> Please note that I do not think ther
On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane wrote:
> If I thought that Bruce could go off in a corner and make this happen
> and it would create no demands on anybody but him and KaiGai-san, I
> would say "fine, if that's where you want to spend your time, go for
> it". But even to state that impli
Tom Lane wrote:
My guess is that a credible SEPostgres offering will require a long-term
amount of work at least equal to, and very possibly a good deal more
than, what it took to make a native Windows port.
Wow, if I thought that was the case I'd be as negative about the whole
thing as you ob
My two cents - if it's desired -
I invariably disable selinux from all of my production machines. Once
upon a time I tried to work with it time and time again - but it was
such a head ache to administer for what I considered to be marginal
gains, that I eventually gave up. Every time I add a s
Hi,
On Thursday 10 December 2009 23:08:17 Tom Lane wrote:
> My guess is that a credible SEPostgres offering will require a long-term
> amount of work at least equal to, and very possibly a good deal more
> than, what it took to make a native Windows port. If SEPostgres could
> bring us even 10% a
On Thu, 2009-12-10 at 17:08 -0500, Tom Lane wrote:
> Robert Haas writes:
> > Unlike Tom (I think), I do believe that there is demand (possibly only
> > from a limited number of people, but demand all the same) for this
> > feature.
>
> Please note that I do not think there is *zero* demand for th
Robert Haas writes:
> Unlike Tom (I think), I do believe that there is demand (possibly only
> from a limited number of people, but demand all the same) for this
> feature.
Please note that I do not think there is *zero* demand for the feature.
There is obviously some. What I find highly dubious
On Wed, Dec 9, 2009 at 10:43 PM, Bruce Momjian wrote:
> Robert Haas wrote:
>> On Wed, Dec 9, 2009 at 5:38 PM, Bruce Momjian wrote:
>> > If you want to avoid all good reasons for this feature and are looking
>> > for reasons why this patch is a bad idea, I am sure you can find them.
>>
>> You see
Robert Haas wrote:
> On Wed, Dec 9, 2009 at 5:38 PM, Bruce Momjian wrote:
> > If you want to avoid all good reasons for this feature and are looking
> > for reasons why this patch is a bad idea, I am sure you can find them.
>
> You seem to be suggesting that our reactions are pure obstructionism
On Wed, Dec 9, 2009 at 5:38 PM, Bruce Momjian wrote:
> If you want to avoid all good reasons for this feature and are looking
> for reasons why this patch is a bad idea, I am sure you can find them.
You seem to be suggesting that our reactions are pure obstructionism,
or that they have an ulteri
Bruce Momjian wrote:
> Robert Haas wrote:
>> On Wed, Dec 9, 2009 at 1:44 AM, Magnus Hagander wrote:
>>> 2009/12/9 Bruce Momjian :
I frankly think the patch should be thought of as the SE-Linux-specific
directory files, which KaiGai can maintain, and the other parts, which I
think I
Robert Haas wrote:
> On Wed, Dec 9, 2009 at 1:44 AM, Magnus Hagander wrote:
> > 2009/12/9 Bruce Momjian :
> >> I frankly think the patch should be thought of as the SE-Linux-specific
> >> directory files, which KaiGai can maintain, and the other parts, which I
> >> think I can handle.
> >
> > I th
On Wed, Dec 9, 2009 at 1:44 AM, Magnus Hagander wrote:
> 2009/12/9 Bruce Momjian :
>> I frankly think the patch should be thought of as the SE-Linux-specific
>> directory files, which KaiGai can maintain, and the other parts, which I
>> think I can handle.
>
> I think that's a horribly bad idea.
Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
>> One of the major and fundamental stumbling blocks we've run into is
>> that every solution we've looked at so far seems to involve adding
>> SE-Linux-specific checks in many places in the code.
>
> I've really got to take exc
2009/12/9 Bruce Momjian :
> I frankly think the patch should be thought of as the SE-Linux-specific
> directory files, which KaiGai can maintain, and the other parts, which I
> think I can handle.
I think that's a horribly bad idea.
We have already got a similar issue with ECPG, which clearly sta
David P. Quigley wrote:
> On Tue, 2009-12-08 at 15:26 -0500, Robert Haas wrote:
> [snip...]
>> I can say from experience that this project is very skeptical of
>> frameworks that aren't accompanied by at least one, and preferably
>> multiple, working implementations. So there is a bit of a chicken
David P. Quigley wrote:
I understand that PostgreSQL is a fast moving target with a large developer
base but so is the Linux Kernel and a
similar framework has been working there for years now.
It sounds like how you're thinking about this project's development
model is inverted from the
David P. Quigley wrote:
> So I was reading through a set of slides that KaiGai has and he
> mentioned a May commitfest link and I looked for the comments related to
> his PGACE patches. I've been crawling through the commitfest paces so I
> can figure out what the latest version of the pgace patch
Robert Haas wrote:
> Sorry. I spent a lot of time for both CommitFest 2008-11 and
> CommitFest 2009-07 in the hopes of getting something committable, and
> I wasn't successful. I'm just at the end of my rope. It seems fairly
> clear that Tom isn't going to commit any piece of SE-PostgreSQL at
>
Robert Haas wrote:
> On Tue, Dec 8, 2009 at 10:07 AM, David P. Quigley
> wrote:
>> I'd be willing to take a look at the framework and see if it really is
>> SELinux centric. If it is we can figure out if there is a way to
>> accommodate something like SMACK and FMAC. I'd like to hear from someone
On Tue, 2009-12-08 at 16:51 -0500, Tom Lane wrote:
> Peter Eisentraut writes:
> > PGACE wasn't a plugin system. It was an API inside the core code. If
> > it had been a plugin system, this would have been much easier, because
> > the plugin itself could have been developed independently.
>
> We
Peter Eisentraut writes:
> PGACE wasn't a plugin system. It was an API inside the core code. If
> it had been a plugin system, this would have been much easier, because
> the plugin itself could have been developed independently.
Well, it should certainly have used function pointers or somethin
On Tue, 2009-12-08 at 15:26 -0500, Robert Haas wrote:
[snip...]
>
> I can say from experience that this project is very skeptical of
> frameworks that aren't accompanied by at least one, and preferably
> multiple, working implementations. So there is a bit of a chicken and
> egg problem here. Wh
On Tue, Dec 8, 2009 at 3:24 PM, Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
>> One of the major and fundamental stumbling blocks we've run into is
>> that every solution we've looked at so far seems to involve adding
>> SE-Linux-specific checks in many places in the code.
>
On Mon, 2009-12-07 at 11:45 -0500, Chris Browne wrote:
> I feel about the same way about this as I did about the adding of
> "native Windows" support; I'm a bit concerned that this could be a
> destabilizing influence. I was wrong back then; the Windows support
> hasn't had the ill effects I was c
On Mon, 2009-12-07 at 17:33 +0100, Martijn van Oosterhout wrote:
> On Mon, Dec 07, 2009 at 01:09:59PM -0300, Alvaro Herrera wrote:
> > > Given the extreme patience and diligence exhibited by KaiGai, I
> > > hesitate to say this, but it seems to me that this would be
> > > critically important for t
On Tue, 2009-12-08 at 15:24 -0500, Stephen Frost wrote:
> * Robert Haas (robertmh...@gmail.com) wrote:
> > One of the major and fundamental stumbling blocks we've run into is
> > that every solution we've looked at so far seems to involve adding
> > SE-Linux-specific checks in many places in the co
On Tue, Dec 8, 2009 at 2:50 PM, David P. Quigley wrote:
> On Tue, 2009-12-08 at 14:22 -0500, Robert Haas wrote:
>> On Tue, Dec 8, 2009 at 1:50 PM, Tom Lane wrote:
>> > Robert Haas writes:
>> >> One of the major and fundamental stumbling blocks we've run into is
>> >> that every solution we've lo
* Robert Haas (robertmh...@gmail.com) wrote:
> One of the major and fundamental stumbling blocks we've run into is
> that every solution we've looked at so far seems to involve adding
> SE-Linux-specific checks in many places in the code.
I've really got to take exception to this. I've only bee
On Tue, 2009-12-08 at 14:22 -0500, Robert Haas wrote:
> On Tue, Dec 8, 2009 at 1:50 PM, Tom Lane wrote:
> > Robert Haas writes:
> >> One of the major and fundamental stumbling blocks we've run into is
> >> that every solution we've looked at so far seems to involve adding
> >> SE-Linux-specific c
On 12/8/09 12:36 PM, "Robert Haas" wrote:
> On Tue, Dec 8, 2009 at 12:16 PM, Chad Sellers wrote:
>> On 12/8/09 11:51 AM, "David P. Quigley" wrote:
>>
>>> On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley
wrote:
> On Mon, 2009
On Tue, Dec 8, 2009 at 1:50 PM, Tom Lane wrote:
> Robert Haas writes:
>> One of the major and fundamental stumbling blocks we've run into is
>> that every solution we've looked at so far seems to involve adding
>> SE-Linux-specific checks in many places in the code. It would be nice
>> if it wer
Robert Haas writes:
> One of the major and fundamental stumbling blocks we've run into is
> that every solution we've looked at so far seems to involve adding
> SE-Linux-specific checks in many places in the code. It would be nice
> if it were possible to use the exist permissions-checking functi
On Tue, Dec 8, 2009 at 12:16 PM, Chad Sellers wrote:
> On 12/8/09 11:51 AM, "David P. Quigley" wrote:
>
>> On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
>>> On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley
>>> wrote:
On Mon, 2009-12-07 at 17:57 -0500, Robert Haas wrote:
> On Mo
On 12/8/09 11:51 AM, "David P. Quigley" wrote:
> On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
>> On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley
>> wrote:
>>> On Mon, 2009-12-07 at 17:57 -0500, Robert Haas wrote:
On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian wrote:
> As Alva
On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
> On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley
> wrote:
> > On Mon, 2009-12-07 at 17:57 -0500, Robert Haas wrote:
> >> On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian wrote:
> >> > As Alvaro mentioned, the original patch used ACE but it ad
On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley wrote:
> On Mon, 2009-12-07 at 17:57 -0500, Robert Haas wrote:
>> On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian wrote:
>> > As Alvaro mentioned, the original patch used ACE but it added too much
>> > code so the community requested its removal fro
On Tue, Dec 8, 2009 at 10:07 AM, David P. Quigley wrote:
> I'd be willing to take a look at the framework and see if it really is
> SELinux centric. If it is we can figure out if there is a way to
> accommodate something like SMACK and FMAC. I'd like to hear from someone
> with more extensive exper
On Mon, 2009-12-07 at 22:25 -0500, Greg Smith wrote:
> David P. Quigley wrote:
> > Not to start a flame war here about access control models but you gave 3
> > different examples one of which I don't think has any means to do
> > anything productive here.
> You won't be starting a flame war for the
David P. Quigley wrote:
> Not to start a flame war here about access control models but you gave 3
> different examples one of which I don't think has any means to do
> anything productive here.
You won't be starting a flame war for the same reason some of the
community members are so concerned abo
KaiGai Kohei wrote:
> I could not find the message from David P. Quigley in the list,
> although pgsql-hackers@postgresql.org was Cc:'ed.
> (something troubled?)
Weird. It didn't even make it to the moderator queue for some reason.
Perhaps the system dropped it as spam.
> So, I'll send it aga
I could not find the message from David P. Quigley in the list,
although pgsql-hackers@postgresql.org was Cc:'ed.
(something troubled?)
So, I'll send it again for your information.
Original Message
Subject: Re: [HACKERS] Adding support for SE-Linux security
Date: M
Robert Haas wrote:
> On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian wrote:
>> As Alvaro mentioned, the original patch used ACE but it added too much
>> code so the community requested its removal from the patch. It could be
>> re-added if we have a need.
>
> Well, there's no point in putting that
Bruce Momjian wrote:
> Tom Lane wrote:
>> Bruce Momjian writes:
>>> Robert Haas wrote:
Yes, I think that's the right way to think about it. At a guess, it's
two man-months of work to get it in, and ripping it out is likely
technically fairly simple but will probably be politically
Tom Lane wrote:
> Robert Haas writes:
>> On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian wrote:
>>> I wonder if we should rephrase this as, "How hard will this feature be
>>> to add, and how hard will it be to remove in a few years if we decide we
>>> don't want it?"
>
>> Yes, I think that's the r
On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian wrote:
> As Alvaro mentioned, the original patch used ACE but it added too much
> code so the community requested its removal from the patch. It could be
> re-added if we have a need.
Well, there's no point in putting that framework back in unless we
Tom Lane wrote:
> Bruce Momjian writes:
> > Robert Haas wrote:
> >> Yes, I think that's the right way to think about it. At a guess, it's
> >> two man-months of work to get it in, and ripping it out is likely
> >> technically fairly simple but will probably be politically impossible.
>
> > I fig
Bruce Momjian writes:
> Robert Haas wrote:
>> Yes, I think that's the right way to think about it. At a guess, it's
>> two man-months of work to get it in, and ripping it out is likely
>> technically fairly simple but will probably be politically impossible.
> I figure if there is sufficient usa