Re: Updates of SE-PostgreSQL 8.4devel patches

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches
Date: 2008-09-25 19:56:51
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

KaiGai Kohei wrote:
> Bruce Momjian wrote:
> >> > 2) Do we want row-level permissions at the SQL level?
> >>
> >> Now I'm working for it and will submit patches due to the end of Oct,
> >> if it is really required to make progress reviewing of SE-PostgreSQL
> >> on the v8.4 development cycle.
> >> However, the scale of its demand is unclear for me.
> >
> > Yes, which is why I would like the community to answer the question
> > before you have to start coding things. I will say that if we do want
> > it, the SE-Linux code will be 96% in separate modules and will make it
> > much easier to accept.
> OK, I'll stop my hand today, and wait for pgsql-hacker's opinions.

Here is how I think SQL-level row permissions would work:

We already have an optional OID system column that can be specified
during table creation (WITH OIDS). We could have another optional oid
column (WITH ROW SECURITY) called security_context which would store the
oid of the role that can see the row; if the oid is zero (InvalidOid),
anyone can see it. SE-PostgreSQL would default to WITH ROW SECURITY and
use the oid to look up strings in pg_security.

Is this something we want for non-SE-PostgreSQL builds? SE-PostgreSQL
would still be a compile-time option because of all the additional
SE-Linux support code.

Bruce Momjian <bruce(at)momjian(dot)us>

+ If your life is a hard drive, Christ can be your backup. +

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Chris Browne 2008-09-25 21:50:00 Re: PostgreSQL future ideas
Previous Message Tom Lane 2008-09-25 18:01:45 Re: Missing results from scroll cursor in PostgreSQL 8.3.3?