| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) |
| Date: | 2008-12-05 03:33:21 |
| Message-ID: | 4938A101.8010902@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
>> I don't oppose to elimination of "--disable-row-acl" options, however,
>> it is not clear for me whether it should be unavoidable selection in
>> the future, or not.
>
> Look at the existing configure options; we don't remove features via
> configure unless it is for some platform-specific reason. Please remove
> the configure option and make it always enabled.
OK, I'll update it in the next patch set.
>>> I assume that could just be always enabled.
>> It is not "always" enabled. When we build it with SE-PostgreSQL feature,
>> rest of enhanced security features (includes the row-level ACL) are
>> disabled automatically, as we discussed before.
>
> Oh. Is that because we use SE-Linux row-level security when
> SE-PostgreSQL is enabled? I guess that makes sense.
Yes, when SE-PostgreSQL is enabled, it provides row-level security,
and the per-tuple security field is used to show its security context.
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2008-12-05 03:41:18 | Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) |
| Previous Message | Joshua D. Drake | 2008-12-05 03:29:24 | Re: Simple postgresql.conf wizard |