| From: | Joshua Brindle <method(at)manicmethod(dot)com> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: How to get SE-PostgreSQL acceptable |
| Date: | 2009-02-02 15:50:12 |
| Message-ID: | 49871634.3090403@manicmethod.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Josh Berkus wrote:
> Joshua, Kohei-san,
>
> So, for 8.4: *if* we included in 8.4 a version of SEPostgres with all
> features *except* row-level security, would it still be useful to the
> SELinux community?
>
> I think we're just not going to work out the headache-inducing issues
> around row-level security in time for 8.4, and it seems to me that
> integrated system-level security labels at the table-and-column level
> are still very useful, even without row-level security.
>
Sorry for the delay in answering, I'm currently on vacation (I haven't been able
to catch up on this thread yet either, I'll try to a little later).
The answer is yes, at least to get people started using it and make sure there
are no practical issues with the security model sans row access control.
But as I said earlier row based access control is going to be the most
compelling part so hopefully the issues everyone is having can get worked out
and the community will agree on the path forward, sooner rather than later.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Grzegorz Jaskiewicz | 2009-02-02 15:58:14 | Re: add_path optimization |
| Previous Message | Tom Lane | 2009-02-02 15:49:18 | Re: parallel restore |