Joshua Kramer wrote:
>
> Howdy Folks,
>
> I notice that several SELinux patches have been submitted in the
> CommitFest targeting Nov 1 for 8.4. Is this on track for implementation
> in Postgres core by 8.4?
Still under discussion. The idea is to get it merged for 8.4, *but*
there's three critical areas that need help:
1) making row-based permissions which is exposed to the SQL command line
and works even without SELinux.
2) coming up with some acceptable algorithm in which FKs can work with
row-based-permissions which can be improved in the future without
breaking backwards compatibility.
3) detailed checking of the current implementation of SEPostgres against
the Common Criteria requirements by someone who speaks "security tech".
So, anyone who wants this patch, **we need your help** in making it happen.
Also, as you can see, PostgreSQL is not about "good enough" but about
"as good as we can reasonably do". I think generally that since we're
releasing once a year, every year, holding off on a patch for one
version to make it "near perfect" is probably a good strategy ... as
much as it pains me to wait.
Current status of SEPostgres patch: hopeful, but not assured.
--Josh Berkus