Europe Ltd, SAP Global Competence Center
KaiGai Kohei kohei.kai...@emea.nec.com
-Original Message-
From: Devrim GÜNDÜZ [mailto:dev...@gunduz.org]
Sent: 21. Mai 2011 07:46
To: Kohei Kaigai
Cc: Emanuel Calvo; postgresql Forums; KaiGai Kohei
Subject: Re: [GENERAL] Error compiling sepgsql
The attached patch fixes up case handling in foreign tables.
Now it didn't assign security label on foreign table on its creation
time, and didn't check access rights on the dml hook.
This patch fixes these problems; It allows foreign tables default
labeling and access checks as db_table object
this problem.
Thanks,
-Original Message-
From: pgsql-hackers-ow...@postgresql.org
[mailto:pgsql-hackers-ow...@postgresql.org] On Behalf Of
Kohei Kaigai
Sent: 10. Mai 2011 12:56
To: Robert Haas; Stephen Frost; Heikki Linnakangas; Tom Lane
Cc: pgsql-hackers
Subject: [HACKERS] [v9.2] Leaky
I'd like to summarize expected issues corresponding to leaky-view and RLS
towards v9.2, and PGcon2011/Developer Meeting.
We already made consensus the leaky-view is a problem to be fixed previous
to the row-level security feature.
We know several ways to leak/infer contents of tuples to be
I found a few misdescriptions at SECURITY LABEL documentation.
It might come from the COMMENT ON page.
The attached patch will fix them.
Thanks,
--
KaiGai Kohei kai...@kaigai.gr.jp
pgsql-fix-security-label-doc.patch
Description: Binary data
--
Sent via pgsql-hackers mailing list
Sorry, I missed a permission check on invocation of trusted procedures.
When client's label getting switched to Y from X, we needed to check
process:transition permission between label X and label Y.
It is same manner when OS launches a program with a special label to
cause domain transition.
I found a problem that extension.c does not invoke post-creation hook
on its creation time, although no module supports to assign security
label on extension objects right now.
The attached patch tries to fix it.
Thanks,
--
KaiGai Kohei kai...@kaigai.gr.jp
pgsql-extension-hook.patch
rules
to run SE-PostgreSQL.
Right now, Fedora 13/14 is the easiest way.
Thanks,
--
NEC Europe Ltd, Global Competence Center
KaiGai Kohei kohei.kai...@eu.nec.com
-Original Message-
From: Robert Haas [mailto:robertmh...@gmail.com]
Sent: 17. Februar 2011 11:42
To: Kohei Kaigai
Cc: Tom Lane
The attached patch removes rules to build a policy package for regression
test and modifies documentation part to introduce steps to run the test.
Thanks,
--
NEC Europe Ltd, Global Competence Center
KaiGai Kohei kohei.kai...@eu.nec.com
-Original Message-
From: Kohei Kaigai
Sent: 15
-Original Message-
From: Robert Haas [mailto:robertmh...@gmail.com]
Sent: 15 February 2011 16:52
To: Tom Lane
Cc: Andrew Dunstan; Kohei Kaigai; Stephen Frost; KaiGai Kohei; PgHacker
Subject: Re: [HACKERS] sepgsql contrib module
On Tue, Feb 15, 2011 at 11:41 AM, Tom Lane t
Sorry for the late responding, because of my relocation.
It would be good to have some buildfarm coverage of this code. Can we
find anyone brave enough to set up a buildfarm critter using
--with-selinux?
Although I don't have an account on the buildfarm, I'll set up an environment
for daily
14 environment in the buildfarm?
It is the most suitable distribution to set up sepgsql module, because the
default installation already has selinux configurations.
Thanks,
-Original Message-
From: Stephen Frost [mailto:sfr...@snowman.net]
Sent: 14 February 2011 16:29
To: Kohei Kaigai
2011/1/22 Robert Haas robertmh...@gmail.com:
On Fri, Jan 21, 2011 at 10:46 AM, Tom Lane t...@sss.pgh.pa.us wrote:
Robert Haas robertmh...@gmail.com writes:
On Fri, Jan 21, 2011 at 9:55 AM, Tom Lane t...@sss.pgh.pa.us wrote:
ALTER FUNCTION is supposed to cause plan invalidation in such a case.
2011/1/22 Robert Haas robertmh...@gmail.com:
On Fri, Jan 21, 2011 at 9:55 AM, Tom Lane t...@sss.pgh.pa.us wrote:
Robert Haas robertmh...@gmail.com writes:
For that matter, I wonder what happens with regular function
permissions. If the plan inlines the function and then somebody goes
and
[2/4] - sepostgresql-sepgsql-8.4devel-3.patch.gz
This patch provides SE-PostgreSQL facilities based on PGACE.
Security-Enhanced PostgreSQL (SE-PostgreSQL) is a security extension
built in PostgreSQL, to provide system-wide consistency in access
controls. It enables to apply a single unigied
Zdenek Kotala wrote:
Kohei KaiGai napsal(a):
It seems to me some of SE-PostgreSQL patches are not delivered yet,
although [3/4] and [4/4] were already done.
Does anti-spam system caught my previous three messages?
If necessary, I will send them again.
There is a file size limitation
[4/4] - sepostgresql-policy-8.4devel-3.patch
This patch gives us the default security policy for SE-PostgreSQL.
You can build it as a security policy module. It can be linked with
the existing distributor's policy, and reloaded.
--
OSS Platform Development Division, NEC
KaiGai Kohei [EMAIL
[3/4] - sepostgresql-pg_dump-8.4devel-3.patch
This patch gives us a feature to dump database with security attribute.
It is turned on with '--enable-selinux' option at pg_dump/pg_dumpall,
when the server works as SE- version.
No need to say, users need to have enough capabilities to dump whole of
It seems to me some of SE-PostgreSQL patches are not delivered yet,
although [3/4] and [4/4] were already done.
Does anti-spam system caught my previous three messages?
If necessary, I will send them again.
Thanks,
Kohei KaiGai wrote:
The series of patches are the proposal of Security-Enhanced
The series of patches are the proposal of Security-Enhanced PostgreSQL
(SE-PostgreSQL) for the upstreamed PostgreSQL 8.4 development cycle.
[1/4] sepostgresql-pgace-8.4devel-3.patch
provides PGACE (PostgreSQL Access Control Extension) framework
[2/4]
Kurt Roeckx wrote:
Hi,
Has anyone tried to use the huge tlb support of the Linux 2.6 kernel?
If you compile the kernel with support for it (CONFIG_HUGETLBFS), you
can call shmget() with a SHM_HUGETLB parameter so that it will use
larger pages.
Has anyone tried to use it? Is it worth trying to
501 - 521 of 521 matches
Mail list logo