So if I label a table with an SELinux context and the type of my
client connection does not have policy to be able to access the table
type will an AVC be generated and the access denied?
Ted
On Tue, Jul 14, 2015 at 12:53 PM, Kohei KaiGai <kaigai@kaigai.gr.jp> wrote:
> 2015-07-15 2:39 GMT+09:00 Ted Toth <txtoth@gmail.com>:
>> That's exactly what I'm talking about like I said KaiGais branch was
>> never merged into the mainline so I do not believe that it is used at
>> all.
>>
> It depends on the definition of "integrated".
> The PostgreSQL core offers an infrastructure for label based security
> mechanism, not only selinux. Also, one extension module that is
> usually distributed with PosgreSQL bridges the world of database and
> the world of selinux (even though all the features I initially designed
> are not yet implemented). I like to say it is integrated.
>
>> On Tue, Jul 14, 2015 at 12:28 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>>> On Tue, Jul 14, 2015 at 1:22 PM, Ted Toth <txtoth@gmail.com> wrote:
>>>> I'm sort of new to this so maybe I'm missing something but since the
>>>> sepgsql SELinux userspace object manager was never integrated into
>>>> postgresql (AFAIK KaiGais branch was never merged into the mainline)
>>>> who uses these labels? What use are they?
>>>
>>> See contrib/sepgsql
>>>
>>> --
>>> Robert Haas
>>> EnterpriseDB: http://www.enterprisedb.com
>>> The Enterprise PostgreSQL Company
>
>
>
> --
> KaiGai Kohei <kaigai@kaigai.gr.jp>