Joshua Brindle wrote:
Stephen Frost wrote:
* Joshua Brindle (met...@manicmethod.com) wrote:
They are separate. If you look at the patches you'll see a pgace
part, this is where the core interfaces to the security backends, and
you'll see a rowacl backend and an sepgsql backend.
Right, guess it wasn't clear to me that the PGACE bits for row-level
access control could be used independently of SELinux (and maybe even on
systems that don't have SELinux..?).
Sure, if you look at pgaceHooks.c you'll see:
It is basically possible to implement something like "PostgreSQL
Label Security" on PGACE framework.
But I don't want to discuss it now, because it surely burst
SE-PostgreSQL until v8.4 beta.
If desired, I'll queue it my todo list next to SE-PostgreSQL...
bool
pgaceExecScan(Scan *scan, Relation rel, TupleTableSlot *slot)
{
/* Hardwired DAC checks */
if (!rowaclExecScan(scan, rel, slot))
return false;
switch (pgace_feature)
{
#ifdef HAVE_SELINUX
case PGACE_FEATURE_SELINUX:
if (sepgsqlIsEnabled())
return sepgsqlExecScan(scan, rel, slot);
break;
#endif
default:
break;
}
return true;
}
Notice the rowacl call outside of the HAVE_SELINUX ifdefs
FYI:
In the earlier version, these are mutually exclusive, so we could
not apply SE-PostgreSQL, when a binary is built with RowAcl feature.
However, Bruce Momjian suggested it is not proper manner in
PostgreSQL, because it intend to wrap all available features
into a single binary due to packaging benefit, and all the
available options should be configured by runtime.
In addition, IIRC, Peter E suggested it is not symmetrical
that we cannot apply both of DAC and MAC on tuples simultaneously,
although SE-PostgreSQL applies MAC on tables/columns which
PostgreSQL has DAC features on.
So, I add a support simultaneous DAC&MAC.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
