On Tue, 27 Jan 2009, KaiGai Kohei wrote:

> It seems to me some of pgsql-hackers concerned about security experts
> don't join to its review process (except for me :), so it is unclear
> whether the SE-PostgreSQL feature is really desired, or not, and
> whether its security design is really appropriate, or not.

It's a pity you couldn't make it to LCA, as I had a question which I suspect only you could answer.

One thing I noticed was the use of MCS for labels relating to external subjects, and the type field being used apparently for internal purposes. Is this correct? (From memory, the type field of some rows was along the lines of fixed_table_t, presumably for internal db use).

Can the entire security context be specified and utilized for the data itself?

e.g. Can data be inserted into the db with the label "system_u:object_r:shadow_t", corresponding exactly to the filesystem label of the file it came from?

--
James Morris <jmorris@xxxxxxxxx>