From: Andy Warner <warner@rubix.com>
To: "cto@itechfrontiers.com" <cto@itechfrontiers.com>
Cc: "Ger Lawlor (gelawlor)" <gelawlor@cisco.com>,
KaiGai Kohei <kaigai@ak.jp.nec.com>,
selinux@tycho.nsa.gov
Subject: Re: Tiny version of SE-PostgreSQL got merged
Date: Mon, 31 Jan 2011 12:46:23 +0100 [thread overview]
Message-ID: <4D46A10F.6060809@rubix.com> (raw)
In-Reply-To: <4D469BA4.8@itechfrontiers.com>
[-- Attachment #1: Type: text/plain, Size: 4068 bytes --]
I would add that using a partitioned architecture (e.g., "it is possible
to achieve this by separation of databases and their storage location")
is not the same as having an integrated MLS database. There are certain
abilities that will not be nativly available, such as row based
polyinstantiation (I realize PG does not do this but others MLS DBMS's
do), true multi-level table views, and intra-table, inter-level key
uniqueness. There are other functionality that also would not be
possible with a partitioned approach. This is why, at least on some
level, Trusted DBMS's (MLS and other policies) continue to exist.
On 1/31/2011 12:23 PM, cto@itechfrontiers.com wrote:
> Hello Ger.
>
> I actually asked this before from Mr. Kohei, and we had a hot debate
> here I refer you to this archive:
>
> http://marc.info/?l=selinux&m=129178180819602&w=2
>
> Also this is original proposal of the project from Mr. KaiGai Kohei
>
> http://sepgsql.googlecode.com/files/PGcon2010-KaiGai-LAPP_SELinux.pdf
>
> In brief:
>
> Since it is possible to use file labels and database locations and
> have multiple instances of Postgresql as it is process based daemon,
> and just separate classified and unclassified databases from each other
>
> BUT:
>
> the goal of Mr. KaiGai Kohei and se-postgresql project is to introduce
> MLS (Multilevel Security) to the structure of the database and its
> ACL model for each user of the database in example up to the rows and
> columns, so in practice THEORETICALLY it would be possible to mix
> classified or unclassified records within a single database and have
> various levels of users with different levels of access
> (however in practice it may not be recommended)
>
> Currently with PostgreSQL it is possible to achieve this by separation
> of databases and their storage location; you have to completely
> separate the datases, processes and daemons accessing such resources
> up to different classifications you want to serve records on an MLS
> systems.
>
>
>
> Best,
>
> Patrick K.
>
>
>
>
>
> On 1/31/2011 5:09 AM, Ger Lawlor (gelawlor) wrote:
>> I'm only new to SeLinux, but will have requirements around PostgreSQL.
>> Can you give me some background and info on why
>> This SE-PostgresQL exists? Is it specific to this database, or are there
>> similar projects for other database types?
>> Was it not possible to label files within a default installation? Was
>> this insufficient for Postgres security?
>>
>> Thanks,
>> Ger.
>>
>> -----Original Message-----
>> From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov]
>> On Behalf Of KaiGai Kohei
>> Sent: Monday, January 31, 2011 8:14 AM
>> To: selinux@tycho.nsa.gov
>> Subject: Tiny version of SE-PostgreSQL got merged
>>
>> A few days ago, a tiny initial version of SE-PostgreSQL got merged
>> in the v9.1 development cycle at this commit: http://bit.ly/gF2QPQ
>>
>> Although it omits various features which I planned at first, it
>> seems to me an ambitious first step.
>> PostgreSQL has shifted to provide a set of facilities to implement
>> label based mandatory access control, such as security label support
>> on database objects or security hooks being available for plug-in
>> modules.
>>
>> The current version of SE-PostgreSQL is implemented as a plugin
>> module that utilizes these hooks (but only a limited places are
>> covered), then it asks SELinux in kernel whether the required
>> access shall be allowed, or not.
>>
>> In the next development, I'd like to expand its access control coverage
>> using more fine grained security hooks. Right now, DDL permissions are
>> restrictions. Also, row-level security is in-progress feature.
>>
>> I have much things to do for the v9.2 or v9.3, however, I'd like to
>> appreciate people who have given me many feedbacks since 2006
>>
>> Thanks,
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
[-- Attachment #2: Type: text/html, Size: 6464 bytes --]
next prev parent reply other threads:[~2011-01-31 11:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-31 8:13 Tiny version of SE-PostgreSQL got merged KaiGai Kohei
2011-01-31 10:09 ` Ger Lawlor (gelawlor)
2011-01-31 11:23 ` cto
2011-01-31 11:46 ` Andy Warner [this message]
2011-01-31 11:49 ` Ger Lawlor (gelawlor)
2011-01-31 12:18 ` cto
2011-01-31 13:10 ` Andy Warner
2011-01-31 11:03 ` cto
2011-01-31 13:40 ` Stephen Smalley
2011-01-31 17:53 ` cto
2011-02-14 1:35 ` Russell Coker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D46A10F.6060809@rubix.com \
--to=warner@rubix.com \
--cc=cto@itechfrontiers.com \
--cc=gelawlor@cisco.com \
--cc=kaigai@ak.jp.nec.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.