KaiGai Kohei wrote:
> I've updated my patches, it contains a few bugfixes.
>
> [1/6]
> http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1168.patch
> [2/6]
> http://sepgsql.googlecode.com/files/sepostgresql-pg_dump-8.4devel-3-r1168.patch
> [3/6]
> http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1168.patch
> [4/6]
> http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1168.patch
> [5/6]
> http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1168.patch
> [6/6]
> http://sepgsql.googlecode.com/files/sepostgresql-row_acl-8.4devel-3-r1168.patch
>
> The comprehensive documentation for SE-PostgreSQL is here:
> http://wiki.postgresql.org/wiki/SEPostgreSQL (it is now under reworking.)
>
> List of updates:
> - Patches are rebased to the latest CVS HEAD.
> - bugfix: permission checks are ignored for per statement trigger functions
> - bugfix: per-statement trigger function ignored trusted function
> configuration
> - bugfix: not a proper permission check on lo_export(xxx, '/dev/null')
>
> > Request for Comments:
> > - The 4th patch is actually needed? It can be replaced by wiki page.
> > - Do you think anything remained towards the final CommitFest?
> > - Do you have any reviewing comment? Most of patches are unchanged from
> > the previous vesion. If you can comment anything, I can fix them without
> > waiting for the final commit fest.
I just looked over the patch. This new version with row-level SQL
security has certainly reduced the SE-Linux-specific part, which is
good.
It was interesting how you implemented SQL-level column-level
permissions:
CREATE TABLE customer (
cid integer primary key,
cname varchar(32),
credit varchar(32) SECURITY_CONTEXT =
'system_u:object_r:sepgsql_secret_table_t'
);
I am unclear how that will behave with the column-level permissions
patch someone is working on. I am wondering if your approach is clearer
than the other patch because it gives a consistent right policy for rows
and columns.
I was wondering why you mention the NSA (U.S. National Security Agency)
in the patch?
+# NSA SELinux support
The size of the patch is still larger but I don't see any way to reduce it:
1275 sepostgresql-docs-8.4devel-3-r1168.patch
625 sepostgresql-pg_dump-8.4devel-3-r1168.patch
829 sepostgresql-policy-8.4devel-3-r1168.patch
1736 sepostgresql-row_acl-8.4devel-3-r1168.patch
10847 sepostgresql-sepgsql-8.4devel-3-r1168.patch
1567 sepostgresql-tests-8.4devel-3-r1168.patch
16879 total
--
Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
