| From: | "Robert Haas" <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | "KaiGai Kohei" <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Cc: | "Bruce Momjian" <bruce(at)momjian(dot)us>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>, "Aidan Van Dyk" <aidan(at)highrise(dot)ca>, josh(at)agliodbs(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) |
| Date: | 2008-09-25 00:46:31 |
| Message-ID: | 603c8f070809241746j2008b2eaxb62ebdf5b7831304@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> Yes, we need '--enable-selinux' to activate all of SE-PostgreSQL features.
>
> In addition, these are invoked via security hooks which are declared
> as inline functions. So, I think it does not give us additional loss of
> performances when you don't add the compile time option explicitly.
That is good as far as it goes but I assume that if this patch is
accepted many vendors will build with this feature enabled, and many
end-users will turn off SELinux but keep the same binaries. It's
important that those people don't get hosed either.
It's also probably worth asking what the performance penalty is when
you ARE using all the bells and whistles.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2008-09-25 01:19:45 | Re: Transaction Snapshots and Hot Standby |
| Previous Message | KaiGai Kohei | 2008-09-25 00:26:06 | Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) |