I also think it is a good idea to summarize the current status of SE-PostgreSQL, as Simon Riggs is doing for his work.

The current revision of SE-PostgreSQL is 1425, available here:
[1/5] http://sepgsql.googlecode.com/files/sepostgresql-sepgsql-8.4devel-3-r1425.patch
[2/5] http://sepgsql.googlecode.com/files/sepostgresql-utils-8.4devel-3-r1425.patch
[3/5] http://sepgsql.googlecode.com/files/sepostgresql-policy-8.4devel-3-r1425.patch
[4/5] http://sepgsql.googlecode.com/files/sepostgresql-docs-8.4devel-3-r1425.patch
[5/5] http://sepgsql.googlecode.com/files/sepostgresql-tests-8.4devel-3-r1425.patch

We had various kinds of comments, feature requests and discussions during the previous/current commit fests, and all of them are already included. Currently, we have no open issues here.

As I summarize below, we had many discussions, mainly about its design issues, so my patch set has been updated to support them. I believe we should move to detailed reviews to merge the feature any time now, since we should be aware of the v8.4 schedule.

I really would like folks to help/volunteer to review the patches, please!

* CommitFest:Nov
  - Simon Riggs required a new GUC option to turn on/off row-level security labeling to reduce storage consumption; the patch set was then updated as follows:
    http://archives.postgresql.org/message-id/492691a8.8030...@ak.jp.nec.com
  - Bruce Momjian suggested that Row-level database ACLs be compiled in by default.
  - Discussions about default compile options:
    PostgreSQL doesn't prefer compile-time options to turn features on/off, except for platform-specific ones. SE-PostgreSQL is indeed a platform-specific feature. But it raises another issue that needs a mutually-exclusive enhanced security feature. We concluded as follows:
    - All configurable features should be compiled within a single binary.
    - Both DAC and MAC should be available simultaneously at row level also.
    - DAC is hardwired, and we allow users to choose an enhanced security feature.
  - I updated the patch set to support both Row-level database ACLs and an enhanced security feature (SELinux) simultaneously. ('08/12/17)
    http://archives.postgresql.org/message-id/4948b6bd.1050...@ak.jp.nec.com
  - Robert Haas was concerned that Stephen Frost's column-level privileges has trouble, so it's unclear whether it can get merged into v8.4.
  - I also worked on his patch, and it then became ready for commit:
    http://archives.postgresql.org/message-id/20090116045825.gy4...@tamriel.snowman.net
  - Alvaro Herrera suggested "static inline" is not preferable.

* CommitFest:Sep
  - Peter Eisentraut commented on its design specifications:
    http://archives.postgresql.org/message-id/48d03953.6000...@gmx.net
  - The hot issues were the lack of fine-grained access controls at the SQL level, and covert channels with row-level controls.
  - We finally reached agreement to provide platform-independent row-level controls, and explicit documentation about covert channels in PK/FK constraints. No one didn't want to apply polyinstantiation idea.
  - Simon Riggs required a wiki article to introduce SE-PostgreSQL.
    http://wiki.postgresql.org/wiki/SEPostgreSQL
  - The patch set was updated to support Row-level database ACLs
    http://archives.postgresql.org/message-id/48f46606.4080...@ak.jp.nec.com

* CommitFest:Jul
  - The patch set got documentation/testcases.
  - Peter Eisentraut commented on some items:
    http://archives.postgresql.org/message-id/200807071739.58428.pete...@gmx.net
  - Then, these items were updated:
    http://archives.postgresql.org/message-id/48773188.6000...@ak.jp.nec.com

* CommitFest:May
  - The first patch set for v8.4 was proposed.
  - Tom Lane gave us various items to be improved.
    http://archives.postgresql.org/message-id/3275.1210019...@sss.pgh.pa.us
  - I gave a presentation at PGCon 2008, Ottawa.
    http://sepgsql.googlecode.com/files/PGCON20080523.pdf

* Prior phase
  - First proposal of the PGACE security framework, but I didn't know it was just after the date of feature freeze in v8.3. So, it was suggested to wait for the v8.4 development cycle. ('07/04/17)
  - 8.2.x based SE-PostgreSQL announced. ('07/09/04)
  - SE-PostgreSQL package got merged into Fedora Project. ('07/11/08)
  - 8.3.x based SE-PostgreSQL announced. ('08/03/08)

Thanks,
--
KaiGai Kohei <kai...@kaigai.gr.jp>