SELinux and PostgreSQL: a worthwhile union?
Dec 18, 2009, 13:32 (0 Talkback[s])
(Other stories by Jonathan Corbet)
"The SE-PgSQL patch has struggled to get into the PostgreSQL
mainline; it is now preparing for what may well be its last push to
be merged. Whether it's successful may, in the end, depend on
whether it receives support from potential users.
"SELinux works by attaching labels to objects and roles to
actors, then enforcing rules describing what sort of access to
objects with specific labels is allowed to specific roles. It is a
highly flexible system, but also highly complex; even a minimal
SELinux policy can involve thousands of rules. The complexity of
SELinux has almost certainly inhibited its adoption in the broader
Linux community; when SELinux gets in the way of real work,
figuring out how to fix it can be a nontrivial task. Over the
years, many administrators have concluded, like Ted Ts'o, that
"life is too short for SELinux."
"That said, Fedora and Red Hat have slowly made progress in
using SELinux to confine parts of the system without creating too
much user pain. And there is certainly a place for more
comprehensive security models in general. But once one starts
protecting data at the filesystem level, it makes sense to ask
whether data which is accessed through higher-level mechanisms - a
relational database manager, say - should also be subject to the
system's security policies. In an ideal world, the same security
policy would be operative at all levels."