Re: Updates of SE-PostgreSQL 8.4devel patches (r1197)

Simon Riggs wrote:
> On Mon, 2008-11-24 at 22:09 +0900, KaiGai Kohei wrote:
> 
>> I removed the two hooks at the r1244 patch set.
>> As you said, it is fundamentally danger to load uncertain binary modules.
>> Thus, what we should do is checks on module loading.
>>
>> The default security policy requires loadable modules to be labeled as
>> 'lib_t' type which means shared library files installed correctly.
> 
> We definitely want to include add-in modules with high security systems,
> e.g. GIS and oracle compatibility functions.

Yes, it is possible.
SELinux assigns 'lib_t' type for modules stored in '/usr/lib/pgsql/' in default.

like:
[kaigai@saba ~]$ ls -Z /usr/lib/pgsql
-rwxr-xr-x  root root system_u:object_r:lib_t          ascii_and_mic.so
-rwxr-xr-x  root root system_u:object_r:lib_t          cyrillic_and_mic.so
-rwxr-xr-x  root root system_u:object_r:lib_t          dict_snowball.so
-rwxr-xr-x  root root system_u:object_r:lib_t          euc_cn_and_mic.so
-rwxr-xr-x  root root system_u:object_r:lib_t          euc_jis_2004_and_shift_jis_2004.so
-rwxr-xr-x  root root system_u:object_r:lib_t          euc_jp_and_sjis.so
-rwxr-xr-x  root root system_u:object_r:lib_t          euc_kr_and_mic.so    - snip -
(*) "-Z" option enables to show the security context of files.

SE-PostgreSQL does not prevent to load them. It means we want to allow to load library
files stored by database administrators properly, not a uncertain files.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>