On Mon, Dec 14, 2009 at 10:21 PM, Stephen Frost sfr...@snowman.net wrote:
Bruce,
* Bruce Momjian (br...@momjian.us) wrote:
You are fine. I was just saying that at a time I was one of the few
loud voices on this, and if this is going to happen, it will be because
we have a team that wants to
(2009/12/16 0:03), Robert Haas wrote:
But these patches are, unfortunately, not technically excellent.
There have been multiple reviews of these patches that have produced
extensive laundry lists of items to be fixed. In the ordinary course
of events, that leads to one of two things
Stephen Frost wrote:
* Bruce Momjian (br...@momjian.us) wrote:
I am not replying to many of these emails so I don't appear to be
brow-beating (forcing) the community into accepting this features. I
might be brow-beating the community, but I don't want to _appear_ to be
brow-beating. ;-)
Bruce,
* Bruce Momjian (br...@momjian.us) wrote:
You are fine. I was just saying that at a time I was one of the few
loud voices on this, and if this is going to happen, it will be because
we have a team that wants to do this, not because I am being loud. I
see the team forming nicely.
Not
* Bruce Momjian (br...@momjian.us) wrote:
I am not replying to many of these emails so I don't appear to be
brow-beating (forcing) the community into accepting this features. I
might be brow-beating the community, but I don't want to _appear_ to be
brow-beating. ;-)
My apologies if I come
* Robert Haas (robertmh...@gmail.com) wrote:
Allow me to assist- y is never in a structure once you're out of the
parser:
Well this is why you're writing the patch and not me. :-)
Sure, just trying to explain why your suggestion isn't quite the
direction that probably makes the most
* Tom Lane (t...@sss.pgh.pa.us) wrote:
Robert Haas robertmh...@gmail.com writes:
What exactly do you mean by a SubOID? I'm not really following that part.
I assume he's talking about the object reference representation used in
pg_depend, which is actually class OID + object OID +
* Stephen Frost (sfr...@snowman.net) wrote:
* Tom Lane (t...@sss.pgh.pa.us) wrote:
I assume he's talking about the object reference representation used in
pg_depend, which is actually class OID + object OID + sub-object ID.
The only object type that has sub-objects at the moment is tables,
On Fri, Dec 11, 2009 at 05:45, Tom Lane t...@sss.pgh.pa.us wrote:
Robert Haas robertmh...@gmail.com writes:
On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane t...@sss.pgh.pa.us wrote:
My guess is that a credible SEPostgres offering will require a long-term
amount of work at least equal to, and very
Tom,
* Tom Lane (t...@sss.pgh.pa.us) wrote:
It's been perfectly clear since day one, and was reiterated as recently
as today
http://archives.postgresql.org/message-id/4b21757e.7090...@2ndquadrant.com
that what the security community wants is row-level security.
Yes, they do want row-level
On Fri, Dec 11, 2009 at 4:31 AM, Magnus Hagander mag...@hagander.net wrote:
On Fri, Dec 11, 2009 at 05:45, Tom Lane t...@sss.pgh.pa.us wrote:
Robert Haas robertmh...@gmail.com writes:
On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane t...@sss.pgh.pa.us wrote:
My guess is that a credible SEPostgres
2009/12/11 KaiGai Kohei kai...@ak.jp.nec.com:
It tried to provide a set of comprehensive entry points to replace existing
PG checks at once.
However, the SE-PgSQL/Lite patch covers accesses on only database, schema,
tables and columns. Is it necessary to be comprehensive from the beginning?
Stephen Frost wrote:
Tom,
snip
The
proposals to make SEPostgres drive regular SQL permissions never came
out of anyone from that side, they were proposed by PG people looking
for a manageable first step.
I do not believe this to be accurate. Josh, were you able to find any
public
On Fri, 2009-12-11 at 09:20 -0500, Robert Haas wrote:
On Fri, Dec 11, 2009 at 4:31 AM, Magnus Hagander mag...@hagander.net wrote:
On Fri, Dec 11, 2009 at 05:45, Tom Lane t...@sss.pgh.pa.us wrote:
Robert Haas robertmh...@gmail.com writes:
On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane
On Fri, 2009-12-11 at 09:32 -0500, Robert Haas wrote:
2009/12/11 KaiGai Kohei kai...@ak.jp.nec.com:
It tried to provide a set of comprehensive entry points to replace existing
PG checks at once.
However, the SE-PgSQL/Lite patch covers accesses on only database, schema,
tables and columns.
Magnus,
* Magnus Hagander (mag...@hagander.net) wrote:
On Fri, Dec 11, 2009 at 05:45, Tom Lane t...@sss.pgh.pa.us wrote:
It's been perfectly clear since day one, and was reiterated as recently
as today
http://archives.postgresql.org/message-id/4b21757e.7090...@2ndquadrant.com
that what
On Fri, 2009-12-11 at 08:56 -0500, Stephen Frost wrote:
[snip...]
I do assume we're going to do row level security, but I do not feel that
we need to particularly put one in front of the other. I also feel that
SEPG will be valuable even without row-level security. One of the
realms that we
David,
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
So I downloaded and read through the PCI DSS document (74 pages is
pretty light compared to NFSv4.1 hehe...) and There are several areas
there where I think strong access controls in the database will not only
fulfill the requirement
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
On Fri, 2009-12-11 at 09:32 -0500, Robert Haas wrote:
I think that we should try to move the PG default checks inside the
hook functions. If we can't do that cleanly, it's a good sign that
the hook functions are not correctly placed to
On Fri, Dec 11, 2009 at 10:07 AM, David P. Quigley
dpqu...@tycho.nsa.gov wrote:
On Fri, 2009-12-11 at 09:32 -0500, Robert Haas wrote:
2009/12/11 KaiGai Kohei kai...@ak.jp.nec.com:
It tried to provide a set of comprehensive entry points to replace existing
PG checks at once.
However, the
* Robert Haas (robertmh...@gmail.com) wrote:
I'll stop here because I see that Stephen Frost has just sent an
insightful email on this topic as well. Hmm, maybe that's the Steve
you were referring to.
I have doubts- but then I don't ever see my comments as insightful for
some reason. ;)
On Fri, Dec 11, 2009 at 10:07 AM, David P. Quigley
dpqu...@tycho.nsa.gov wrote:
The main concern I hear is that people are worried that this is an
SELinux specific design. I heard at the meeting on Wednesday that the
Trusted Extensions people looked at the framework and said it meets
their
On Fri, 2009-12-11 at 11:28 -0500, Stephen Frost wrote:
[snip...]
The main concern I hear is that people are worried that this is an
SELinux specific design. I heard at the meeting on Wednesday that the
Trusted Extensions people looked at the framework and said it meets
their needs as
On Fri, 2009-12-11 at 11:16 -0500, Stephen Frost wrote:
David,
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
So I downloaded and read through the PCI DSS document (74 pages is
pretty light compared to NFSv4.1 hehe...) and There are several areas
there where I think strong access
On Fri, 2009-12-11 at 11:30 -0500, Robert Haas wrote:
[snip...]
I'll stop here because I see that Stephen Frost has just sent an
insightful email on this topic as well. Hmm, maybe that's the Steve
you were referring to.
...Robert
Yea I never asked Stephen if he goes by Stephen or Steve
Robert,
* Robert Haas (robertmh...@gmail.com) wrote:
I actually have an idea how to solve the problem in this particular
case, but I'm reluctant to say what it is because I'm not sure if I'm
right, and at any rate *I don't want to write this patch*.
As far as crap goes, I'd have to put this
All,
* Robert Haas (robertmh...@gmail.com) wrote:
If we design a security abstraction layer, the interfaces need to
really be abstraction boundaries. Passing the table OID and then also
the tablespace OID because PG DAC needs that to make its access
control decision is crap.
Now, to
On Fri, Dec 11, 2009 at 1:52 PM, Stephen Frost sfr...@snowman.net wrote:
* Robert Haas (robertmh...@gmail.com) wrote:
I actually have an idea how to solve the problem in this particular
case, but I'm reluctant to say what it is because I'm not sure if I'm
right, and at any rate *I don't want
David,
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
So the document I read is linked below [1].
Great, thanks again.
[agree with all the rest]
It is definitely good to have a second opinion on this since I've just
only started reading the PCI compliance documents. I'm definitely not an
* David P. Quigley (dpqu...@tycho.nsa.gov) wrote:
Yea I never asked Stephen if he goes by Stephen or Steve when I met him
on Wednesday. I guess calling him Steve is me being a bit
presumptuous :)
Oh, either is fine, tho people will probably follow a bit better if you
say Stephen. As a
On Fri, Dec 11, 2009 at 2:11 PM, Stephen Frost sfr...@snowman.net wrote:
Second, the information we *don't* have from above is generally
information about what the requesting action is. For example, when
changing ownership of an object, we can't possibly use introspection to
find out the role
On Fri, 2009-12-11 at 14:11 -0500, Stephen Frost wrote:
All,
* Robert Haas (robertmh...@gmail.com) wrote:
If we design a security abstraction layer, the interfaces need to
really be abstraction boundaries. Passing the table OID and then also
the tablespace OID because PG DAC needs that
* Robert Haas (robertmh...@gmail.com) wrote:
OK, it's clear that I've handled this badly. Sorry. My fear (however
unjustified) was that someone would go and rewrite the patch based on
an opinion that I express whether they agree with it or not.
That's always going to be a risk in an
* Robert Haas (robertmh...@gmail.com) wrote:
On Fri, Dec 11, 2009 at 2:11 PM, Stephen Frost sfr...@snowman.net wrote:
Second, the information we *don't* have from above is generally
information about what the requesting action is. For example, when
changing ownership of an object, we can't
Stephen (great name!),
* Stephen Smalley (s...@tycho.nsa.gov) wrote:
Reference:
http://www.usenix.org/event/sec02/wright.html
http://lxr.linux.no/#linux+v2.6.32/include/linux/security.h
The XACE framework for the X server is described by:
On Fri, Dec 11, 2009 at 3:28 PM, Stephen Frost sfr...@snowman.net wrote:
I sincerely hope that even if you suggest an approach down the road
unrelated to this on some other patch you're reviewing, and then you see
the results and say whoah, that's horrible, and should never be
committed, that
On Fri, Dec 11, 2009 at 4:26 PM, Stephen Frost sfr...@snowman.net wrote:
Hrm, I thought I had given a specific example. Didn't do a good job of
it, apparently. Let me try to be a bit more clear:
ALTER TABLE x OWNER TO y;
If given the table OID, there's a ton of information we can then pull
* Robert Haas (robertmh...@gmail.com) wrote:
If I don't tell
you how to write the patch, you can't accuse me of moving the
goalposts (of course I've now discovered the pitfalls of that approach
as well...).
Indeed, we also yell and scream when we don't know which direction the
goalposts are
* Robert Haas (robertmh...@gmail.com) wrote:
On Fri, Dec 11, 2009 at 4:26 PM, Stephen Frost sfr...@snowman.net wrote:
Does that help clarify my example case?
That case doesn't seem terribly problematic to me. It seems clear
that we'll want to pass some information about both x and y. What
Stephen Frost wrote:
I agree with this- one issue is, unfortunately, an overabundance from
KaiGai of code-writing man-power. This is an odd situation for this
community, in general, so we're having a hard time coming to grasp with
it.
There are plenty of parallels to when Zdenek was writing a
I just did a round of integrating some of the big-picture feedback that
has shown up here since the meeting into
http://wiki.postgresql.org/wiki/SEPostgreSQL_Review_at_the_BWPUG ,
mainly supplementing the references in the Works outside of SELinux
section with the new suggested reading here
On Fri, Dec 11, 2009 at 5:36 PM, Stephen Frost sfr...@snowman.net wrote:
* Robert Haas (robertmh...@gmail.com) wrote:
On Fri, Dec 11, 2009 at 4:26 PM, Stephen Frost sfr...@snowman.net wrote:
Does that help clarify my example case?
That case doesn't seem terribly problematic to me. It seems
Robert Haas robertmh...@gmail.com writes:
What exactly do you mean by a SubOID? I'm not really following that part.
I assume he's talking about the object reference representation used in
pg_depend, which is actually class OID + object OID + sub-object ID.
The only object type that has
Robert Haas wrote:
On Fri, Dec 11, 2009 at 4:26 PM, Stephen Frost sfr...@snowman.net wrote:
Hrm, I thought I had given a specific example. Didn't do a good job of
it, apparently. Let me try to be a bit more clear:
ALTER TABLE x OWNER TO y;
If given the table OID, there's a ton of
Tom Lane wrote:
Robert Haas robertmh...@gmail.com writes:
Unlike Tom (I think), I do believe that there is demand (possibly only
from a limited number of people, but demand all the same) for this
feature.
Please note that I do not think there is *zero* demand for the feature.
There is
On Fri, Dec 11, 2009 at 8:41 PM, Bruce Momjian br...@momjian.us wrote:
I am not replying to many of these emails so I don't appear to be
brow-beating (forcing) the community into accepting this features. I
might be brow-beating the community, but I don't want to _appear_ to be
brow-beating.
Ron Mayer wrote:
Bruce Momjian wrote:
Well, the bottom line is that this effort should grow the development
and user community of Postgres --- it if doesn't, it is a failure.
Really? Even if it only allows existing Postgres users and companies to
expand their use into higher security
Bruce Momjian wrote:
Well, the bottom line is that this effort should grow the development
and user community of Postgres --- it if doesn't, it is a failure.
Really? Even if it only allows existing Postgres users and companies to
expand their use into higher security applications IMHO it's a
On Wed, Dec 9, 2009 at 10:43 PM, Bruce Momjian br...@momjian.us wrote:
Robert Haas wrote:
On Wed, Dec 9, 2009 at 5:38 PM, Bruce Momjian br...@momjian.us wrote:
If you want to avoid all good reasons for this features and are looking
for reasons why this patch is a bad idea, I am sure you can
Robert Haas robertmh...@gmail.com writes:
Unlike Tom (I think), I do believe that there is demand (possibly only
from a limited number of people, but demand all the same) for this
feature.
Please note that I do not think there is *zero* demand for the feature.
There is obviously some. What I
On Thu, 2009-12-10 at 17:08 -0500, Tom Lane wrote:
Robert Haas robertmh...@gmail.com writes:
Unlike Tom (I think), I do believe that there is demand (possibly only
from a limited number of people, but demand all the same) for this
feature.
Please note that I do not think there is *zero*
Hi,
On Thursday 10 December 2009 23:08:17 Tom Lane wrote:
My guess is that a credible SEPostgres offering will require a long-term
amount of work at least equal to, and very possibly a good deal more
than, what it took to make a native Windows port. If SEPostgres could
bring us even 10% as
My two cents - if it's desired -
I invariably disable selinux from all of my production machines. Once
upon a time I tried to work with it time and time again - but it was
such a head ache to administer for what I considered to be marginal
gains, that I eventually gave up. Every time I add a
Tom Lane wrote:
My guess is that a credible SEPostgres offering will require a long-term
amount of work at least equal to, and very possibly a good deal more
than, what it took to make a native Windows port.
Wow, if I thought that was the case I'd be as negative about the whole
thing as you
On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane t...@sss.pgh.pa.us wrote:
If I thought that Bruce could go off in a corner and make this happen
and it would create no demands on anybody but him and KaiGai-san, I
would say fine, if that's where you want to spend your time, go for
it. But even to
David P. Quigley wrote:
On Thu, 2009-12-10 at 17:08 -0500, Tom Lane wrote:
Robert Haas robertmh...@gmail.com writes:
Unlike Tom (I think), I do believe that there is demand (possibly only
from a limited number of people, but demand all the same) for this
feature.
Please note that I do not
Robert Haas robertmh...@gmail.com writes:
On Thu, Dec 10, 2009 at 5:08 PM, Tom Lane t...@sss.pgh.pa.us wrote:
My guess is that a credible SEPostgres offering will require a long-term
amount of work at least equal to, and very possibly a good deal more
than, what it took to make a native
Tom Lane wrote:
It's been perfectly clear since day one, and was reiterated as recently
as today
http://archives.postgresql.org/message-id/4b21757e.7090...@2ndquadrant.com
that what the security community wants is row-level security.
I think David Quigley's comments from earlier today
On Thu, Dec 10, 2009 at 11:45 PM, Tom Lane t...@sss.pgh.pa.us wrote:
If you're not prepared to assume that we're going to do row level
security, it's not apparent why we should be embarking on this course
at all. And if you do assume that, I strongly believe that my effort
estimate above is
Robert Haas wrote:
On Thu, Dec 10, 2009 at 11:45 PM, Tom Lane t...@sss.pgh.pa.us wrote:
If you're not prepared to assume that we're going to do row level
security, it's not apparent why we should be embarking on this course
at all. And if you do assume that, I strongly believe that my effort
On Wed, Dec 9, 2009 at 1:44 AM, Magnus Hagander mag...@hagander.net wrote:
2009/12/9 Bruce Momjian br...@momjian.us:
I frankly think the patch should be thought of as the SE-Linux-specific
directory files, which KaiGai can maintain, and the other parts, which I
think I can handle.
I think
Robert Haas wrote:
On Wed, Dec 9, 2009 at 1:44 AM, Magnus Hagander mag...@hagander.net wrote:
2009/12/9 Bruce Momjian br...@momjian.us:
I frankly think the patch should be thought of as the SE-Linux-specific
directory files, which KaiGai can maintain, and the other parts, which I
think I
Bruce Momjian wrote:
Robert Haas wrote:
On Wed, Dec 9, 2009 at 1:44 AM, Magnus Hagander mag...@hagander.net wrote:
2009/12/9 Bruce Momjian br...@momjian.us:
I frankly think the patch should be thought of as the SE-Linux-specific
directory files, which KaiGai can maintain, and the other parts,
On Wed, Dec 9, 2009 at 5:38 PM, Bruce Momjian br...@momjian.us wrote:
If you want to avoid all good reasons for this features and are looking
for reasons why this patch is a bad idea, I am sure you can find them.
You seem to be suggesting that our reactions are pure obstructionism,
or that they
Robert Haas wrote:
On Wed, Dec 9, 2009 at 5:38 PM, Bruce Momjian br...@momjian.us wrote:
If you want to avoid all good reasons for this features and are looking
for reasons why this patch is a bad idea, I am sure you can find them.
You seem to be suggesting that our reactions are pure
On Mon, 2009-12-07 at 22:25 -0500, Greg Smith wrote:
David P. Quigley wrote:
Not to start a flame war here about access control models but you gave 3
different examples one of which I don't think has any means to do
anything productive here.
You won't be starting a flame war for the same
On Tue, Dec 8, 2009 at 10:07 AM, David P. Quigley dpqu...@tycho.nsa.gov wrote:
I'd be willing to take a look at the framework and see if it really is
SELinux centric. If it is we can figure out if there is a way to
accomodate something like SMACK and FMAC. I'd like to hear from someone
with
On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley dpqu...@tycho.nsa.gov wrote:
On Mon, 2009-12-07 at 17:57 -0500, Robert Haas wrote:
On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian br...@momjian.us wrote:
As Alvaro mentioned, the original patch used ACE but it added too much
code so the
On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley dpqu...@tycho.nsa.gov
wrote:
On Mon, 2009-12-07 at 17:57 -0500, Robert Haas wrote:
On Mon, Dec 7, 2009 at 1:00 PM, Bruce Momjian br...@momjian.us wrote:
As Alvaro mentioned, the
On 12/8/09 11:51 AM, David P. Quigley dpqu...@tycho.nsa.gov wrote:
On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley dpqu...@tycho.nsa.gov
wrote:
On Mon, 2009-12-07 at 17:57 -0500, Robert Haas wrote:
On Mon, Dec 7, 2009 at 1:00 PM, Bruce
On Tue, Dec 8, 2009 at 12:16 PM, Chad Sellers csell...@tresys.com wrote:
On 12/8/09 11:51 AM, David P. Quigley dpqu...@tycho.nsa.gov wrote:
On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
On Tue, Dec 8, 2009 at 10:51 AM, David P. Quigley dpqu...@tycho.nsa.gov
wrote:
On Mon, 2009-12-07
Robert Haas robertmh...@gmail.com writes:
One of the major and fundamental stumbling blocks we've run into is
that every solution we've looked at so far seems to involve adding
SE-Linux-specific checks in many places in the code. It would be nice
if it were possible to use the exist
On Tue, Dec 8, 2009 at 1:50 PM, Tom Lane t...@sss.pgh.pa.us wrote:
Robert Haas robertmh...@gmail.com writes:
One of the major and fundamental stumbling blocks we've run into is
that every solution we've looked at so far seems to involve adding
SE-Linux-specific checks in many places in the
On 12/8/09 12:36 PM, Robert Haas robertmh...@gmail.com wrote:
On Tue, Dec 8, 2009 at 12:16 PM, Chad Sellers csell...@tresys.com wrote:
On 12/8/09 11:51 AM, David P. Quigley dpqu...@tycho.nsa.gov wrote:
On Tue, 2009-12-08 at 11:48 -0500, Robert Haas wrote:
On Tue, Dec 8, 2009 at 10:51 AM,
On Tue, 2009-12-08 at 14:22 -0500, Robert Haas wrote:
On Tue, Dec 8, 2009 at 1:50 PM, Tom Lane t...@sss.pgh.pa.us wrote:
Robert Haas robertmh...@gmail.com writes:
One of the major and fundamental stumbling blocks we've run into is
that every solution we've looked at so far seems to involve
* Robert Haas (robertmh...@gmail.com) wrote:
One of the major and fundamental stumbling blocks we've run into is
that every solution we've looked at so far seems to involve adding
SE-Linux-specific checks in many places in the code.
I've really got to take exception to this. I've only been
On Tue, Dec 8, 2009 at 2:50 PM, David P. Quigley dpqu...@tycho.nsa.gov wrote:
On Tue, 2009-12-08 at 14:22 -0500, Robert Haas wrote:
On Tue, Dec 8, 2009 at 1:50 PM, Tom Lane t...@sss.pgh.pa.us wrote:
Robert Haas robertmh...@gmail.com writes:
One of the major and fundamental stumbling blocks
On Tue, 2009-12-08 at 15:24 -0500, Stephen Frost wrote:
* Robert Haas (robertmh...@gmail.com) wrote:
One of the major and fundamental stumbling blocks we've run into is
that every solution we've looked at so far seems to involve adding
SE-Linux-specific checks in many places in the code.
On mån, 2009-12-07 at 17:33 +0100, Martijn van Oosterhout wrote:
On Mon, Dec 07, 2009 at 01:09:59PM -0300, Alvaro Herrera wrote:
Given the extreme patience and diligence exhibited by KaiGai, I
hesitate to say this, but it seems to me that this would be
critically important for the long
On mån, 2009-12-07 at 11:45 -0500, Chris Browne wrote:
I feel about the same way about this as I did about the adding of
native Windows support; I'm a bit concerned that this could be a
destabilizing influence. I was wrong back then; the Windows support
hasn't had the ill effects I was
On Tue, Dec 8, 2009 at 3:24 PM, Stephen Frost sfr...@snowman.net wrote:
* Robert Haas (robertmh...@gmail.com) wrote:
One of the major and fundamental stumbling blocks we've run into is
that every solution we've looked at so far seems to involve adding
SE-Linux-specific checks in many places in
On Tue, 2009-12-08 at 15:26 -0500, Robert Haas wrote:
[snip...]
I can say from experience that this project is very skeptical of
frameworks that aren't accompanied by at least one, and preferably
multiple, working implementations. So there is a bit of a chicken and
egg problem here. What
Peter Eisentraut pete...@gmx.net writes:
PGACE wasn't a plugin system. It was an API inside the core code. If
it had been a plugin system, this would have been much easier, because
the plugin itself could have been developed independently.
Well, it should certainly have used function
On Tue, 2009-12-08 at 16:51 -0500, Tom Lane wrote:
Peter Eisentraut pete...@gmx.net writes:
PGACE wasn't a plugin system. It was an API inside the core code. If
it had been a plugin system, this would have been much easier, because
the plugin itself could have been developed
Robert Haas wrote:
On Tue, Dec 8, 2009 at 10:07 AM, David P. Quigley dpqu...@tycho.nsa.gov
wrote:
I'd be willing to take a look at the framework and see if it really is
SELinux centric. If it is we can figure out if there is a way to
accomodate something like SMACK and FMAC. I'd like to hear
Robert Haas wrote:
Sorry. I spent a lot of time for both CommitFest 2008-11 and
CommitFest 2009-07 in the hopes of getting something committable, and
I wasn't successful. I'm just at the end of my rope. It seems fairly
clear that Tom isn't going to commit any piece of SE-PostgreSQL at
all,
David P. Quigley wrote:
So I was reading through a set of slides that KaiGai has and he
mentioned a May commitfest link and I looked for the comments related to
his PGACE patches. I've been crawling through the commitfest paces so I
can figure out what the latest version of the pgace patch is.
David P. Quigley wrote:
I understand that PostgreSQL is a fast moving target with a large developer
base but so is the Linux Kernel and a
similar framework has been working there for years now.
It sounds like how you're thinking about this project's development
model is inverted from the
David P. Quigley wrote:
On Tue, 2009-12-08 at 15:26 -0500, Robert Haas wrote:
[snip...]
I can say from experience that this project is very skeptical of
frameworks that aren't accompanied by at least one, and preferably
multiple, working implementations. So there is a bit of a chicken and
2009/12/9 Bruce Momjian br...@momjian.us:
I frankly think the patch should be thought of as the SE-Linux-specific
directory files, which KaiGai can maintain, and the other parts, which I
think I can handle.
I think that's a horribly bad idea.
We have already got a similar issue with ECPG,
Stephen Frost wrote:
* Robert Haas (robertmh...@gmail.com) wrote:
One of the major and fundamental stumbling blocks we've run into is
that every solution we've looked at so far seems to involve adding
SE-Linux-specific checks in many places in the code.
I've really got to take exception
Robert Haas wrote:
This is no harder than many of the other seemingly crazy things I have
done, e.g. Win32 port, client library threading. ?If this is a feature
we should have, I will get it done or get others to help me complete the
task.
Well, I have always thought that it would be
On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian br...@momjian.us wrote:
Robert Haas wrote:
This is no harder than many of the other seemingly crazy things I have
done, e.g. Win32 port, client library threading. ?If this is a feature
we should have, I will get it done or get others to help me
Robert Haas robertmh...@gmail.com wrote:
Bruce Momjian br...@momjian.us wrote:
Personally, I think AppArmor is a saner security system:
http://www.novell.com/linux/security/apparmor/selinux_comparison.html
Agreed.
I'd like to see us be able to support it. One of the things that
I
Robert Haas robertmh...@gmail.com writes:
On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian br...@momjian.us wrote:
I wonder if we should rephrase this as, How hard will this feature be
to add, and how hard will it be to remove in a few years if we decide we
don't want it?
Yes, I think that's
Kevin Grittner escribió:
I'd like to see us be able to support it. One of the things that
I think would be worth looking into is whether there is a way to
make this pluggable, so that selinux and apparmor and trusted
solaris and so on could make use of the same framework
Given the
On Mon, Dec 07, 2009 at 01:09:59PM -0300, Alvaro Herrera wrote:
Given the extreme patience and diligence exhibited by KaiGai, I
hesitate to say this, but it seems to me that this would be
critically important for the long term success of this feature. I
have no idea how much work it would
Martijn van Oosterhout klep...@svana.org writes:
I find it astonishing that after SE-PgSQL was implemented on top of a
pluggable system (PGACE) and this system was removed at request of the
community [1] that at this late phase people are suggesting it needs
to be added back again. Havn't the
t...@sss.pgh.pa.us (Tom Lane) writes:
Robert Haas robertmh...@gmail.com writes:
On Mon, Dec 7, 2009 at 9:48 AM, Bruce Momjian br...@momjian.us wrote:
I wonder if we should rephrase this as, How hard will this feature be
to add, and how hard will it be to remove in a few years if we decide we
Chris Browne cbbro...@acm.org writes:
I feel about the same way about this as I did about the adding of
native Windows support; I'm a bit concerned that this could be a
destabilizing influence. I was wrong back then; the Windows support
hasn't had the ill effects I was concerned it might
1 - 100 of 126 matches
Mail list logo