On 2019-Aug-28, Joshua Brindle wrote: > I think we need to reign in the thread somewhat. The feature allows > end users to define some sandboxing within PG. Nothing is being forced > on anyone but we would like the capability to harden a PG installation > for many reasons already stated.
My own objection to this line of development is that it doesn't seem that any useful policy (allowed/denied syscall list) is part or intends to be part of the final feature. So we're shipping a hook system for which each independent vendor is going to develop their own policy. Joe provided an example syscall list, but it's not part of the patch proper; and it seems, per the discussion, that the precise syscall list to use is a significant fraction of this. So, as part of a committable patch, IMO it'd be good to have some sort of final list of syscalls -- maybe as part of the docbook part of the patch. -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
