Robert Haas wrote: > On Tue, Dec 8, 2009 at 10:07 AM, David P. Quigley <[email protected]> > wrote: >> I'd be willing to take a look at the framework and see if it really is >> SELinux centric. If it is we can figure out if there is a way to >> accomodate something like SMACK and FMAC. I'd like to hear from someone >> with more extensive experience with Solaris Trusted Extensions about how >> TX would make use of this. I have a feeling it would be similar to the >> way it deals with NFS which is by having the process exist in the global >> zone as a privileged process and then multi-plexes it to the remaining >> zones. That way their getpeercon would get a label derived from the >> zone. > > Well, the old patches should still be available in the mailing list > archives. Maybe going back and looking at that code would be a good > place to start. The non-ripped-out code has been cleaned up a lot > since then, but at least it's a place to start.
We can see old branches here: http://code.google.com/p/sepgsql/source/browse/branches/pgsql-8.3.x/sepgsql/src/backend/security/pgaceHooks.c But I don't provide this framework for the 8.4.x/8.5.x, because this idea was rejected in the earlier discussion. Please consider it represent just a concept. Thanks. -- OSS Platform Development Division, NEC KaiGai Kohei <[email protected]> -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
