[CentOS] PostgreSQL/SELinux Error - relation "pg_catalog.pg_user" does not exist
Peter Farrow
peter at farrows.org
Tue May 24 13:06:20 UTC 2005
"....as folks extolled the virtues of SELinux on Linux PDA's...."
Now that is funny.... :-)
Jason Dixon wrote:
> On May 24, 2005, at 4:04 AM, Peter Farrow wrote:
>
>> Maybe so... and if it works for you then use it, but sometimes when
>> people say "but we needed this or we needed that", they haven't
>> allways sat down and thought "why do we need it" or "do we really
>> 'need' this ?"
>>
>> Even having worked on government classified networks I have *never*
>> seen an instance where the standard access controls offered by
>> Linux/Unix didn't do what was required.
>>
>> Often DAC/MAC setups leads to inferior security because they can get
>> very complex to setup, and the term "can't see the wood for the
>> trees" springs to mind.
>>
>> As is most often the case the best security is the simplest, and
>> DAC/MAC bloat doesn't help in any way.
>
>
> I'm in agreement with you here. Nothing good can be had by throwing
> additional code at an already complex problem. I understand the need
> for MAC-type granularity, but SELinux is a bolt-on "solution" that
> causes as many problems as it solves. The answer lies in simplicity.
> If the solution cannot be found within the current design, then the
> current design is broken. Folks should not be afraid to change the
> UNIX permissions paradigm just because it's been the status quo for
> decades.
>
> Funny anecdote:
>
> I was giving a lightning talk at a Linux Security mini-conference in
> PA a couple months back. Marcus Ranum (of Nessus fame) was also
> speaking there. The overwhelming majority of speakers and attendees
> were pro-SELinux, as there was a lot of overflow from the DC SELinux
> conference the week before. Marcus is a very agnostic fellow who will
> tell you that all operating systems suck at one thing or another. It
> was funny catching glances of him shaking his head and grimacing as
> folks extolled the virtues of SELinux on Linux PDA's. :)
>
> --
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
More information about the CentOS
mailing list