Stephen Frost wrote:
>> I think what I should do on the next is ...
>> - To check up whether it is really possible to implement SELinux's model.
>> - To describe the list of the security functions in the new abstraction
>> layer.
>> - To discuss the list of permission at:
>>
>> http://wiki.postgresql.org/wiki/SEPostgreSQL_Development#Mandatory_access_controls
>
> That sounds like a good approach. As we define the security functions
> to go into the abstraction layer, I would also say we should identify
> the exact pieces of existing code which are going to move.

I began to describe the list of abstraction layer functions
(but not completed yet):
  http://wiki.postgresql.org/wiki/SEPostgreSQL_Abstraction

In my current impression, it indeed requires a few kilo lines of changes,
but it is not an impossible scale.

I now plan to submit two patches for the next commit fest.
One is an implementation of the abstraction layer.
The other is a basic implementation of SE-PostgreSQL.

So, I would like to fix the external specification at least.

The specifications for developers note the definitions of permissions:
  http://wiki.postgresql.org/wiki/SEPostgreSQL_Development

As Robert suggested before, I plan to support access controls on
the following database objects and permissions at the first stage.
 * databases
 * schemas
 * tables
 * columns
 * sequences
 * functions
 * tablespaces

Do you have any comments on the directions?

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>