Re: [PATCH] SE-PostgreSQL Security Policy

[Kohei KaiGai <kaigai@ak.jp.nec.com>]

Christopher J. PeBenito wrote:
> On Wed, 2008-02-13 at 18:29 +0900, Kohei KaiGai wrote:
>> The attached patch adds support for SE-PostgreSQL.
>> Most part of them are same as currently we are distributing via RPM package.
>>
>> This patch adds some booleans, attributes and types.
>> You can find out the detailed description about works of them in the chapter 5
>> of "The Security-Enhanced PostgreSQL Security Guide".
>> See, http://sepgsql.googlecode.com/files/sepgsql_security_guide.20070903.en.pdf
>>
>> Any comment please,
> 
> Just like with the X server, I don't believe that sepostgres should have
> its own module.

OK, I'll make next one as a patch for services/postgresql.*.

> At first glance, there appears to be too many
> attributes.  I'm guessing that you're doing the same thing that is done
> with the *_unconfined() interfaces.  We mainly do that to optimize size
> since unconfined brings in so many rules.

OK, I'll replace current interfaces by the following style's one.

interface(`sepostgresql_unconfined',`
         gen_require(`
                 attribute sepostgresql_unconfined_type;
         ')
         typeattribute $1 sepostgresql_unconfined_type;
')

> I also see references to types and attributes that belong do the module.

Is it unlabel_t and system_r?
Where is the best place to associate them with my local policy?

 > Also the auditing
> tunables seem unneeded; they seem to be more for debugging use.  I think
> I can get a better handle on the policy with these revisions.

Hmm...
The reason why I added these tunables is that database folks told me
that collecting logs in column/tuple level is an attractive feature,
because native DBMS cannot provide fine-grained access control and
cannot collect logs in these level.
Thus, I believe the feature to turn on/off auditing readily should
be remained.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.