Re: SE-PgSQL patch review

On Tue, 2009-12-01 at 14:46 -0500, Tom Lane wrote:
> "Joshua D. Drake" <jd@commandprompt.com> writes:
> > On Mon, 2009-11-30 at 20:28 -0800, David Fetter wrote:
> >> This is totally separate from the really important question of whether
> >> SE-Linux has a future, and another about whether, if SE-Linux has a
> >> future, PostgreSQL needs to go there.
>
> > Why would we think that it doesn't?
>
> Have you noticed anyone except Red Hat taking it seriously?

I just did a little research and it appears the other two big names in
this world (Novel and Ubuntu) are using something called App Armor.

>
> I work for Red Hat and have drunk a reasonable amount of the SELinux
> koolaid, but I can't help observing that it's had very limited uptake
> outside Red Hat.  It's not clear that there are many people who find
> it a cost-effective solution to their problems.  As for the number of
> people prepared to write custom policy for it --- which would be
> required to use it effectively for almost any PG application ---
> I could probably hold a house party for all of them and not break a
> sweat serving drinks.

Your argument certainly holds weight. The only thing I would suggest
outside of that is... it may only be Red Hat but that is a darn big hat
in Linux enterprise space.

Sincerely,

Joshua D. Drake


>
>             regards, tom lane
>


--
PostgreSQL.org Major Contributor
Command Prompt, Inc: http://www.commandprompt.com/ - 503.667.4564
Consulting, Training, Support, Custom Development, Engineering
If the world pushes look it in the eye and GRR. Then push back harder. - Salamander