Andrew Sullivan wrote:
>> In my vision, Apache assigns its contents handler an individual
>> security context based on HTTP authentication, source IP address
>> and so on just before web application invoked.
>> Because web applications works with individual least privilege set,
>> its accesses on filesystem are restricted by the security policy.
>> In a similar way, its accesses on databases are also restricted
>> via SE-PostgreSQL by same policy, by same privilege set.
>
> I want to focus on this description, because you appear to be limiting
> the problem scope tremendously here. We've moved from "general
> security policy for database system" to "security policy for database
> system as part of a web-application stack".
The "general security policy for database system" is an incorrect term.
SELinux does not cover database system only. It covers operating sytem
and application managing objects (like database object, X window, ...).
Thus, it should be talked as "general security policy for operating
system, database system and so on".
A web application stack is one of the most benefitical example.
Please consider what is contained within web-applications.
It accesses objects managed by operating system (like files),
objects managed by database system (like tables) concurrently,
but existing system does not alllow to manage them under a single
unified access control policy.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>