Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

Aidan Van Dyk wrote:
> Simlarly, SElinux is going to be used *on top* of any application that's
> out there, to try and enfoce the "no data coming in from a secure input"
> leaves through a "less secure output", irrespective of what app level
> security (and in this case, app-level being the SQL/SCHEMA/row-level)
> does itself...

It is incorrect.
SELinux works as a security server which provides access control decisions
for other subsystems. In this model, the kernel is also considered as one
of the subsystems.

Currently, X-window system has SELinux support because it manages window
objects in userspace, and we can use them as a method to communicate
other processes. (Please imagine copy&paste buffer.)

This slide will help your understand: http://selinux-symposium.org/2007/slides/03-xorg.pdf

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>