Robert Haas wrote: > On Tue, Dec 8, 2009 at 10:07 AM, David P. Quigley <dpqu...@tycho.nsa.gov> > wrote: >> I'd be willing to take a look at the framework and see if it really is >> SELinux centric. If it is we can figure out if there is a way to >> accomodate something like SMACK and FMAC. I'd like to hear from someone >> with more extensive experience with Solaris Trusted Extensions about how >> TX would make use of this. I have a feeling it would be similar to the >> way it deals with NFS which is by having the process exist in the global >> zone as a privileged process and then multi-plexes it to the remaining >> zones. That way their getpeercon would get a label derived from the >> zone. > > Well, the old patches should still be available in the mailing list > archives. Maybe going back and looking at that code would be a good > place to start. The non-ripped-out code has been cleaned up a lot > since then, but at least it's a place to start.
We can see old branches here: http://code.google.com/p/sepgsql/source/browse/branches/pgsql-8.3.x/sepgsql/src/backend/security/pgaceHooks.c But I don't provide this framework for the 8.4.x/8.5.x, because this idea was rejected in the earlier discussion. Please consider it represent just a concept. Thanks. -- OSS Platform Development Division, NEC KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
