PostgreSQL/SELinux Error - relation "pg_catalog.pg_user" does not exist

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On May 24, 2005, at 4:04 AM, Peter Farrow wrote:

>  Maybe so... and if it works for you then use it, but sometimes when 
> people say? "but we needed this or we needed that",? they haven't 
> allways sat down and thought "why do we need it" or "do we really 
> 'need' this ?"
>
>  Even having worked on government classified networks I have *never* 
> seen an instance where the standard access controls offered by 
> Linux/Unix didn't do what was required.
>
>  Often DAC/MAC setups leads to inferior security because they can get 
> very complex to setup, and the term "can't see the wood for the trees" 
> springs to mind.
>
>  As is most often the case the best security is the simplest, and 
> DAC/MAC bloat doesn't help in any way.

I'm in agreement with you here.  Nothing good can be had by throwing 
additional code at an already complex problem.  I understand the need 
for MAC-type granularity, but SELinux is a bolt-on "solution" that 
causes as many problems as it solves.  The answer lies in simplicity.  
If the solution cannot be found within the current design, then the 
current design is broken.  Folks should not be afraid to change the 
UNIX permissions paradigm just because it's been the status quo for 
decades.

Funny anecdote:

I was giving a lightning talk at a Linux Security mini-conference in PA 
a couple months back.  Marcus Ranum (of Nessus fame) was also speaking 
there.  The overwhelming majority of speakers and attendees were 
pro-SELinux, as there was a lot of overflow from the DC SELinux 
conference the week before.  Marcus is a very agnostic fellow who will 
tell you that all operating systems suck at one thing or another.  It 
was funny catching glances of him shaking his head and grimacing as 
folks extolled the virtues of SELinux on Linux PDA's.  :)

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux