On Wed, 2008-02-13 at 18:29 +0900, Kohei KaiGai wrote:
> The attached patch adds support for SE-PostgreSQL.
> Most part of them are same as currently we are distributing via RPM package.
>
> This patch adds some booleans, attributes and types.
> You can find out the detailed description about works of them in the chapter 5
> of "The Security-Enhanced PostgreSQL Security Guide".
> See, http://sepgsql.googlecode.com/files/sepgsql_security_guide.20070903.en.pdf
>
> Any comment please,

Just like with the X server, I don't believe that sepostgres should have
its own module.

At first glance, there appear to be too many attributes. I'm guessing
that you're doing the same thing that is done with the *_unconfined()
interfaces. We mainly do that to optimize size since unconfined brings
in so many rules. I also see references to types and attributes that
belong to the module. Also the auditing tunables seem unneeded; they
seem to be more for debugging use.

I think I can get a better handle on the policy with these revisions.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150