Hi all
Anybody here who has particular interest in or skill with SELinux is invited (begged?) to help test KaiGai Kohei's patches for enhancing PostgreSQL's SELinux/SEPostgreSQL support. These changes are proposed for 9.3, but have had relatively little interest from patch reviewers and are in danger of slipping to a later release without somebody interested in the area stepping up.
The patches are:
Add a new event type of object_access_hook named OAT_POST_ALTER. This allows extensions to catch controls just after system catalogs are updated. Patch also adds sepgsql permission check capability on some ALTER commands, but not all.
https://commitfest.postgresql.org/action/patch_view?id=1003 This patch adds sepgsql support for permission checks equivalent
to the existing SCHEMA USE privilege:
https://commitfest.postgresql.org/action/patch_view?id=1065 This patch adds sepgsql support for permission checks almost
equivalent to the existing FUNCTION EXECUTE privilege:
https://commitfest.postgresql.org/action/patch_view?id=1066 This patch adds sepgsql the feature of name qualified creation label:
https://commitfest.postgresql.org/action/patch_view?id=1064 If you're interested in SELinux, please glance at the discussion linked to in those patch entries, then grab a patch and try it out as per the reviewer guidelines:
http://wiki.postgresql.org/wiki/Reviewing_a_Patch-- Craig Ringer http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services