Aidan Van Dyk wrote: > Simlarly, SElinux is going to be used *on top* of any application that's > out there, to try and enfoce the "no data coming in from a secure input" > leaves through a "less secure output", irrespective of what app level > security (and in this case, app-level being the SQL/SCHEMA/row-level) > does itself...
It is incorrect. SELinux works as a security server which provides access control decisions for other subsystems. In this model, the kernel is also considered as one of the subsystems. Currently, X-window system has SELinux support because it manages window objects in userspace, and we can use them as a method to communicate other processes. (Please imagine copy&paste buffer.) This slide will help your understand: http://selinux-symposium.org/2007/slides/03-xorg.pdf Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
