[CentOS] PostgreSQL/SELinux Error - relation "pg_catalog.pg_user" does not exist

Peter Farrow peter at farrows.org
Tue May 24 13:06:20 UTC 2005


"....as folks extolled the virtues of SELinux on Linux PDA's...."

Now that is funny.... :-)


Jason Dixon wrote:

> On May 24, 2005, at 4:04 AM, Peter Farrow wrote:
>
>>  Maybe so... and if it works for you then use it, but sometimes when 
>> people say  "but we needed this or we needed that",  they haven't 
>> allways sat down and thought "why do we need it" or "do we really 
>> 'need' this ?"
>>
>>  Even having worked on government classified networks I have *never* 
>> seen an instance where the standard access controls offered by 
>> Linux/Unix didn't do what was required.
>>
>>  Often DAC/MAC setups leads to inferior security because they can get 
>> very complex to setup, and the term "can't see the wood for the 
>> trees" springs to mind.
>>
>>  As is most often the case the best security is the simplest, and 
>> DAC/MAC bloat doesn't help in any way.
>
>
> I'm in agreement with you here.  Nothing good can be had by throwing 
> additional code at an already complex problem.  I understand the need 
> for MAC-type granularity, but SELinux is a bolt-on "solution" that 
> causes as many problems as it solves.  The answer lies in simplicity.  
> If the solution cannot be found within the current design, then the 
> current design is broken.  Folks should not be afraid to change the 
> UNIX permissions paradigm just because it's been the status quo for 
> decades.
>
> Funny anecdote:
>
> I was giving a lightning talk at a Linux Security mini-conference in 
> PA a couple months back.  Marcus Ranum (of Nessus fame) was also 
> speaking there.  The overwhelming majority of speakers and attendees 
> were pro-SELinux, as there was a lot of overflow from the DC SELinux 
> conference the week before.  Marcus is a very agnostic fellow who will 
> tell you that all operating systems suck at one thing or another.  It 
> was funny catching glances of him shaking his head and grimacing as 
> folks extolled the virtues of SELinux on Linux PDA's.  :)
>
> -- 
> Jason Dixon
> DixonGroup Consulting
> http://www.dixongroup.net
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos





More information about the CentOS mailing list