SELinux users - Please consider testing SELinux/SEPostgreSQL patches
| От | Craig Ringer |
|---|---|
| Тема | SELinux users - Please consider testing SELinux/SEPostgreSQL patches |
| Дата | |
| Msg-id | 50FCF27A.4050905@2ndQuadrant.com обсуждение исходный текст |
| Ответы |
Re: SELinux users - Please consider testing SELinux/SEPostgreSQL
patches
Re: SELinux users - Please consider testing SELinux/SEPostgreSQL patches |
| Список | pgsql-general |
Hi all
Anybody here who has particular interest in or skill with SELinux is invited (begged?) to help test KaiGai Kohei's patches for enhancing PostgreSQL's SELinux/SEPostgreSQL support. These changes are proposed for 9.3, but have had relatively little interest from patch reviewers and are in danger of slipping to a later release without somebody interested in the area stepping up.
The patches are:
Add a new event type of object_access_hook named OAT_POST_ALTER. This allows extensions to catch controls just after system catalogs are updated. Patch also adds sepgsql permission check capability on some ALTER commands, but not all.
https://commitfest.postgresql.org/action/patch_view?id=1003
This patch adds sepgsql support for permission checks equivalent
to the existing SCHEMA USE privilege:
https://commitfest.postgresql.org/action/patch_view?id=1065
This patch adds sepgsql support for permission checks almost
equivalent to the existing FUNCTION EXECUTE privilege:
https://commitfest.postgresql.org/action/patch_view?id=1066
This patch adds sepgsql the feature of name qualified creation label:
https://commitfest.postgresql.org/action/patch_view?id=1064
If you're interested in SELinux, please glance at the discussion linked to in those patch entries, then grab a patch and try it out as per the reviewer guidelines:
http://wiki.postgresql.org/wiki/Reviewing_a_Patch
Anybody here who has particular interest in or skill with SELinux is invited (begged?) to help test KaiGai Kohei's patches for enhancing PostgreSQL's SELinux/SEPostgreSQL support. These changes are proposed for 9.3, but have had relatively little interest from patch reviewers and are in danger of slipping to a later release without somebody interested in the area stepping up.
The patches are:
Add a new event type of object_access_hook named OAT_POST_ALTER. This allows extensions to catch controls just after system catalogs are updated. Patch also adds sepgsql permission check capability on some ALTER commands, but not all.
https://commitfest.postgresql.org/action/patch_view?id=1003
This patch adds sepgsql support for permission checks equivalent
to the existing SCHEMA USE privilege:
https://commitfest.postgresql.org/action/patch_view?id=1065
This patch adds sepgsql support for permission checks almost
equivalent to the existing FUNCTION EXECUTE privilege:
https://commitfest.postgresql.org/action/patch_view?id=1066
This patch adds sepgsql the feature of name qualified creation label:
https://commitfest.postgresql.org/action/patch_view?id=1064
If you're interested in SELinux, please glance at the discussion linked to in those patch entries, then grab a patch and try it out as per the reviewer guidelines:
http://wiki.postgresql.org/wiki/Reviewing_a_Patch
-- Craig Ringer http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services
В списке pgsql-general по дате отправления: