Re: Proposal of SE-PostgreSQL patches [try#2]

Am Donnerstag, 26. Juni 2008 schrieb KaiGai Kohei:
> The following patch set (r926) are updated one toward the latest CVS head,
> and contains some fixes in security policy and documentation.

OK, I have quickly read through these patches.  They look very nice, so I am 
optimistic we can get through this.

First of all, now would be a good time if someone out there really wants to 
object to this feature in general.  It will probably always be a niche 
feature.  But all the code is hidden behind ifdefs or other constructs that a 
compiler can easily hide away (or we can make it so, at least).

Here is a presentation from PGCon on SE-PostgreSQL: 
http://www.pgcon.org/2008/schedule/events/77.en.html

Are there any comments yet from the (Trusted)Solaris people that wanted to 
evaluate this approach for compatibility with their approach?

In general, are we OK with the syntax CONTEXT = '...'?  I would rather see 
something like SECURITY CONTEXT '...'.  There are a lot of contexts, after 
all.

This will also add a system column called security_context.  I think that is 
OK.

In the pg_dump patch:

spelling mistake "tuen on/off"

Evil coding style: if (strcmp(SELINUX_SYSATTR_NAME, security_sysattr_name)) -- 
compare the result with 0 please.

The above code appears to assume that security_sysattr_name never changes, but
then why do we need a GUC parameter to show it?

Might want to change the option name --enable-selinux to something 
like --security-context.

In general, we might want to not name things selinux_* but instead
sepostgresql_* or security_* or security_context_*.  Or maybe PGACE?

On the default policy:

Should this really be a contrib module?  Considering that it would be a core
feature that is not really usable without a policy.

Please change all the sepgsql_* things to sepostgresql_*, considering that you
are using both already, so we shouldn't have both forms of names.

Documentation:

Looks good for a start, but we will probably want to write more later.