Re: Adding support for SE-Linux security - Mailing list pgsql-hackers
| From | Robert Haas |
|---|---|
| Subject | Re: Adding support for SE-Linux security |
| Date | |
| Msg-id | 603c8f070912101326w78f8a1d3if8f86ec50962f28c@mail.gmail.com Whole thread Raw |
| In response to | Re: Adding support for SE-Linux security (Bruce Momjian <bruce@momjian.us>) |
| Responses |
Re: Adding support for SE-Linux security
|
| List | pgsql-hackers |
On Wed, Dec 9, 2009 at 10:43 PM, Bruce Momjian <bruce@momjian.us> wrote: > Robert Haas wrote: >> On Wed, Dec 9, 2009 at 5:38 PM, Bruce Momjian <bruce@momjian.us> wrote: >> > If you want to avoid all good reasons for this features and are looking >> > for reasons why this patch is a bad idea, I am sure you can find them. >> >> You seem to be suggesting that our reactions are pure obstructionism, >> or that they have an ulterior motive. > > I am merely stating that this is the same as the Win32 port, and that > there are many reasons to believe the SE-PostgreSQL patch will cause all > sorts of problems --- this is not a surprise. I am giving a realistic > analysis of the patch --- if people want to say that thinking of it as > two separate patches that have to be maintained separately is a terrible > idea, I have no reply except to say that realistically that is the only > possible direction I see for this feature in the short term. Few > Postgres people modifying the permissions system are going to understand > how to modify SE-Linux support routines to match their changes. > > I got a similar reaction when I wanted to do the Win32 port, and the > reasons not to do it were similar to the ones I am hearing now. Finally > the agreement was that I could attempt the Win32 port as long as I > didn't destabilize the rest of the code --- not exactly a resounding > endorsement. Looking back I think everyone is glad we did the port, but > at the time there wasn't much support. I got the same reaction to > pg_migrator. > > I am having trouble figuring out when I should heed community concerns, > and when the concerns are merely because the task is > hard/messy/difficult. Frankly, we don't analyze hard/messy/difficult > tasks very well. Now, I am not saying that the SE-PostgreSQL patch > should be pursued, but I am saying that we shouldn't avoid it for these > reasons, because sometimes hard/messy/difficult is necessary to > accomplish dramatic software advances. I don't have any easy answers here. I'm actually trying not to make a value judgment about the feature and focus on the technical problems with the patch. If those problems are fixed, which as you say probably doable, then I don't mind seeing it committed. I think that the reason we don't analyze hard/messy/difficult problems very well is because on the one hand you have people saying "this feature would be great". On the other hand you have people saying "this feature will be a lot of work". But those things are not opposites. Unlike Tom (I think), I do believe that there is demand (possibly only from a limited number of people, but demand all the same) for this feature. And I also believe that most people in our community are generally supportive of the idea, but only a minority are willing to put in time to make it happen. So I have no problem saying to the people who want the feature - none of our committers feel like working on this. Sorry. On the other hand, I also have no problem telling them - good news, Bruce Momjian thinks this is a great feature and wants to help you get it done. I *do* have a problem with saying - we don't really know whether anyone will ever want to work on this with you or not. ...Robert
pgsql-hackers by date: