From: Bruce Momjian on
Robert Haas wrote:
> Actually, we tried that already, in a previous iteration of this
> discussion. Someone actually materialized and commented on a few
> things. The problem, as I remember it, was that they didn't know much
> about PostgreSQL, so we didn't get very far with it. Unfortunately, I
> can't find the relevant email thread at the moment.
>
> In fact, we've tried about everything with these patches. Tom
> reviewed them, Bruce reviewed them, Peter reviewed them, I reviewed
> them, Stephen Frost reviewed them, Heikki took at least a brief look
> at them, and I think there were a few other people, too. The first
> person who I can recall being relatively happy with any version of
> this patch was Stephen Frost, commenting on the access control
> framework that we suggested KaiGai try to separate from the main body
> of the patch to break it into more manageable chunks. That patch was
> summarily rejected by Tom for what I believe were valid reasons. In
> other words, in 18 months of trying we've yet to see something that is
> close to being committable. Contrast that with Hot Standby, which
> Heikki made a real shot at committing during the first CommitFest to
> which it was submitted.
>
> I think David Fetter summarized it pretty well here - the rest of the
> thread is worth reading, too.
>
> http://archives.postgresql.org/pgsql-hackers/2009-07/msg01159.php
>
> I think the only chance of this ever getting committed is if a
> committer volunteers to take ownership of it, similar to what Heikki
> has done for Hot Standby and Streaming Replication. Right now, we
> don't have any volunteers, and even if Tom or Heikki were interested,
> I suspect it would occupy their entire attention for several
> CommitFests just as HS and SR have done for Heikki. I suspect the
> amount of work for SE-PostgreSQL might even be larger than for HS. If
> we DON'T have a committer who is willing to own this, then I don't
> think there's a choice other than giving up.

I offered to review it. I was going to mostly review the parts that
impacted our existing code, and I wasn't going to be able to do a
thorough job of the SE-Linux-specific files.

--
Bruce Momjian <bruce(a)momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Robert Haas on
On Sat, Dec 5, 2009 at 12:14 AM, Bruce Momjian <bruce(a)momjian.us> wrote:
> Robert Haas wrote:
>> Actually, we tried that already, in a previous iteration of this
>> discussion.  Someone actually materialized and commented on a few
>> things.  The problem, as I remember it, was that they didn't know much
>> about PostgreSQL, so we didn't get very far with it.  Unfortunately, I
>> can't find the relevant email thread at the moment.
>>
>> In fact, we've tried about everything with these patches.  Tom
>> reviewed them, Bruce reviewed them, Peter reviewed them, I reviewed
>> them, Stephen Frost reviewed them, Heikki took at least a brief look
>> at them, and I think there were a few other people, too.  The first
>> person who I can recall being relatively happy with any version of
>> this patch was Stephen Frost, commenting on the access control
>> framework that we suggested KaiGai try to separate from the main body
>> of the patch to break it into more manageable chunks.  That patch was
>> summarily rejected by Tom for what I believe were valid reasons.  In
>> other words, in 18 months of trying we've yet to see something that is
>> close to being committable.  Contrast that with Hot Standby, which
>> Heikki made a real shot at committing during the first CommitFest to
>> which it was submitted.
>>
>> I think David Fetter summarized it pretty well here - the rest of the
>> thread is worth reading, too.
>>
>> http://archives.postgresql.org/pgsql-hackers/2009-07/msg01159.php
>>
>> I think the only chance of this ever getting committed is if a
>> committer volunteers to take ownership of it, similar to what Heikki
>> has done for Hot Standby and Streaming Replication.  Right now, we
>> don't have any volunteers, and even if Tom or Heikki were interested,
>> I suspect it would occupy their entire attention for several
>> CommitFests just as HS and SR have done for Heikki.  I suspect the
>> amount of work for SE-PostgreSQL might even be larger than for HS.  If
>> we DON'T have a committer who is willing to own this, then I don't
>> think there's a choice other than giving up.
>
> I offered to review it.  I was going to mostly review the parts that
> impacted our existing code, and I wasn't going to be able to do a
> thorough job of the SE-Linux-specific files.

Review it and commit it, after making whatever modifications are
necessary? Or review it in part, leaving the final review and commit
to someone else?

I just read through the latest version of this patch and it does
appear to be in significantly better shape than the versions I read
back in July. So it might not require a Herculean feat of strength to
get this in, but I still think it's going to be a big job. There's a
lot of code here that needs to be verified and in some cases probably
cleaned up or restructured. If you're prepared to take it on, I'm not
going to speak against that, other than to say that I think you have
your work cut out for you.

....Robert


From: Bruce Momjian on
Robert Haas wrote:
> > I offered to review it.  I was going to mostly review the parts that
> > impacted our existing code, and I wasn't going to be able to do a
> > thorough job of the SE-Linux-specific files.
>
> Review it and commit it, after making whatever modifications are
> necessary? Or review it in part, leaving the final review and commit
> to someone else?
>
> I just read through the latest version of this patch and it does
> appear to be in significantly better shape than the versions I read
> back in July. So it might not require a Herculean feat of strength to
> get this in, but I still think it's going to be a big job. There's a
> lot of code here that needs to be verified and in some cases probably
> cleaned up or restructured. If you're prepared to take it on, I'm not
> going to speak against that, other than to say that I think you have
> your work cut out for you.

This is no harder than many of the other seemingly crazy things I have
done, e.g. Win32 port, client library threading. If this is a feature
we should have, I will get it done or get others to help me complete the
task.

--
Bruce Momjian <bruce(a)momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +


From: Ron Mayer on
Robert Haas wrote:
> On Thu, Dec 3, 2009 at 5:23 PM, Josh Berkus <josh(a)agliodbs.com> wrote:
>> Kaigai, you've said that you could get SELinux folks involved in the
>> patch review. I think it's past time that they were; please solicit them.
>
> Actually, we tried that already, in a previous iteration of this
> discussion. Someone actually materialized and commented on a few
> things. The problem, as I remember it, was that they didn't know much
> about PostgreSQL, so we didn't get very far with it. Unfortunately, I
> can't find the relevant email thread at the moment.

IIRC, at least a couple of the guys mentioned on the NSA's
SE-Linux page[1] participated - Joshua Brindle[2] and Chad
Sellers[3] (in addition to Kaigai/NEC who's credited on the
NSA site as well). Perhaps one or two others too - but with
common names it's hard to guess.

Links to the threads with Chad and Joshua below.

[1] http://www.nsa.gov/research/selinux/contrib.shtml
[2] http://www.google.com/search?q=site%3Aarchives.postgresql.org+brindle
[3] http://www.google.com/search?q=site%3Aarchives.postgresql.org+chad+sellers



From: Robert Haas on
On Sat, Dec 5, 2009 at 8:18 AM, Bruce Momjian <bruce(a)momjian.us> wrote:
> Robert Haas wrote:
>> > I offered to review it.  I was going to mostly review the parts that
>> > impacted our existing code, and I wasn't going to be able to do a
>> > thorough job of the SE-Linux-specific files.
>>
>> Review it and commit it, after making whatever modifications are
>> necessary?  Or review it in part, leaving the final review and commit
>> to someone else?
>>
>> I just read through the latest version of this patch and it does
>> appear to be in significantly better shape than the versions I read
>> back in July.  So it might not require a Herculean feat of strength to
>> get this in, but I still think it's going to be a big job.  There's a
>> lot of code here that needs to be verified and in some cases probably
>> cleaned up or restructured.  If you're prepared to take it on, I'm not
>> going to speak against that, other than to say that I think you have
>> your work cut out for you.
>
> This is no harder than many of the other seemingly crazy things I have
> done, e.g. Win32 port, client library threading.  If this is a feature
> we should have, I will get it done or get others to help me complete the
> task.

Well, I have always thought that it would be sort of a feather in our
cap to support this, which is why I've done a couple of reviews of it
in the past. I tend to agree with Tom that only a small fraction of
our users will probably want it, but then again someone's been paying
KaiGai to put a pretty hefty amount of work into this over the last
year-plus, so obviously someone not only wants the feature but wants
it merged. Within our community, I think that there have been a lot
of people who have liked the concept of this feature but very few who
have liked the patch, so there's somewhat of a disconnect between our
aspirations and our better technical judgment. Tom is a notable
exception who I believe likes neither the concept nor the patch, which
is something we may need to resolve before getting too serious about
this.

....Robert
