A few days ago, a tiny initial version of SE-PostgreSQL got merged in the v9.1 development cycle at this commit: http://bit.ly/gF2QPQ Although it omits various features which I planned at first, it seems to me an ambitious first step. PostgreSQL has shifted to provide a set of facilities to implement label based mandatory access control, such as security label support on database objects or security hooks being available for plug-in modules. The current version of SE-PostgreSQL is implemented as a plugin module that utilizes these hooks (but only a limited places are covered), then it asks SELinux in kernel whether the required access shall be allowed, or not. In the next development, I'd like to expand its access control coverage using more fine grained security hooks. Right now, DDL permissions are restrictions. Also, row-level security is in-progress feature. I have much things to do for the v9.2 or v9.3, however, I'd like to appreciate people who have given me many feedbacks since 2006 Thanks, -- KaiGai Kohei <kaigai@xxxxxxxxxxxxx> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
