Re: RFC: seccomp-bpf support
| От | Tom Lane |
|---|---|
| Тема | Re: RFC: seccomp-bpf support |
| Дата | |
| Msg-id | 18995.1567087254@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: RFC: seccomp-bpf support (Joe Conway <mail@joeconway.com>) |
| Ответы |
Re: RFC: seccomp-bpf support
Re: RFC: seccomp-bpf support |
| Список | pgsql-hackers |
Joe Conway <mail@joeconway.com> writes:
> Clearly Joshua and I disagree, but understand that the consensus is not
> on our side. It is our assessment that PostgreSQL will be subject to
> seccomp willingly or not (e.g., via docker, systemd, etc.) and the
> community might be better served to get out in front and have first
> class support.
Sure, but ...
> But I don't want to waste any more of anyone's time on this topic,
> except to ask if two strategically placed hooks are asking too much?
... hooks are still implying a design with the filter control inside
Postgres. Which, as I said before, seems like a fundamentally incorrect
architecture. I'm not objecting to having such control, but I think
it has to be outside the postmaster, or it's just not a credible
security improvement. It doesn't help to say "I'm going to install
a lock to keep out a thief who *by assumption* is carrying lock
picking tools."
regards, tom lane
В списке pgsql-hackers по дате отправления: