Skip site navigation (1) Skip section navigation (2)

Re: [sepgsql 2/3] Add db_schema:search permission checks

From: Simon Riggs <simon(at)2ndquadrant(dot)com>
To: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
Cc: PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: [sepgsql 2/3] Add db_schema:search permission checks
Date: 2013-01-29 14:10:35
Message-ID: CA+U5nMKkDR=W0UusfP+wPhA-JHd2Sr+osr7DFc__kV+vyMZ3WQ@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On 29 January 2013 13:30, Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> wrote:

> It makes unavailable to control execution of
> functions from viewpoint of selinux, and here is no way selinux
> to prevent to execute functions defined by other domains, or
> others being not permitted.
> Also, what we want to do is almost same as existing permission
> checks, except for its criteria to make access control decision.

Do you have a roadmap of all the things this relates to?

If selinux has a viewpoint, I'd like to be able to see a list of
capabilities and then which ones are currently missing. I guess I'm
looking for external assurance that someone somewhere needs this and
that it fits into a complete overall plan of what we should do. Just
like we are able to use SQLStandard as a guide as to what we need to
implement, we would like something to refer back to. Does this have a
request id, specification document page number or whatever?

-- 
 Simon Riggs                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services


In response to

Responses

pgsql-hackers by date

Next:From: Amit KapilaDate: 2013-01-29 14:11:49
Subject: Re: Performance Improvement by reducing WAL for Update Operation
Previous:From: Stephen FrostDate: 2013-01-29 13:42:55
Subject: Re: Hm, table constraints aren't so unique as all that

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group