Re: [PATCH] SE-PgSQL/tiny rev.2193
From | KaiGai Kohei |
---|---|
Subject | Re: [PATCH] SE-PgSQL/tiny rev.2193 |
Date | |
Msg-id | 4A64CC2A.1060400@kaigai.gr.jp |
In response to | Re: [PATCH] SE-PgSQL/tiny rev.2193 (Peter Eisentraut <peter_e@gmx.net>) |
List | pgsql-hackers |

Peter Eisentraut wrote:
> On Monday 20 July 2009 21:05:38 Joshua Brindle wrote:
>> How many people are you looking for? Is there a number or are you waiting
>> for a good feeling?
>
> In my mind, the number of interested people is relatively uninteresting, as
> long as it is greater than, say, three.
>
> What is lacking here is a written specification.
>
> When it comes to larger features, this development group has a great deal of
> experience in implementing existing specifications, even relatively terrible
> ones like SQL or ODBC or Oracle compatibility. But the expected behavior has
> to be written down somewhere, endorsed by someone with authority. It can't
> just be someone's idea. Especially for features that are so complex,
> esoteric, invasive, and critical for security and performance.
>
> So I think if you want to get anywhere with this, scrap the code, and start
> writing a specification. One with references. And then let's consider that
> one.

At least, what is important is that SE-PgSQL performs with its security model
correctly, not how it is implemented.

In fact, I have modified its implementation and separated some of the
non-primary features several times. As I said before, its implementation is
flexible as far as it can implement SELinux's security model correctly.

If the PostgreSQL community requires its design specifications from the
viewpoints of developers, I don't have any reason not to provide it.

One question is what items should be described in the specifications?
I already provide a reference including a list of object classes and
permissions.

http://wiki.postgresql.org/wiki/SEPostgreSQL_References

I guess you would like to see when/where/how SE-PgSQL checks what permissions,
what criteria to make its decision should be used, and so on.

--
KaiGai Kohei <kaigai@kaigai.gr.jp>