| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Joshua Brindle <method(at)manicmethod(dot)com>, Ron Mayer <rm_pg(at)cheapcomplexdevices(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Peter Eisentraut <peter_e(at)gmx(dot)net>, PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: How to get SE-PostgreSQL acceptable |
| Date: | 2009-01-29 03:44:50 |
| Message-ID: | 49812632.8090007@ak.jp.nec.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Robert Haas wrote:
> On Wed, Jan 28, 2009 at 9:27 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> Robert,
>>
>> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
>>> pg_security (which I really think out to be renamed to
>>> pg_selinux_context or something, and make a new table if we someday
>>> support Trusted Solaris or whatever).
>> Err, this doesn't really make sense if we're doing row-level security,
>> that's not something which is tied to SELinux or Trusted Solaris. Of
>> course, it's likely we'll need such a pg_selinux_context table or
>> something too.. Or maybe pg_security can be pg_rls instead. Just
>> wanted to avoid confusion over this point.. Assuming Peter's approach
>> is the path that is generally agreed upon by core..
>
> I don't think there's anything about pg_security that is specific to
> row-level security.
Yes, SELinux requires any objects (not only tuples) to be labeled.
The pg_security is also necessary for tables/columns/...
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2009-01-29 03:44:54 | Re: 8.4 release planning |
| Previous Message | Robert Haas | 2009-01-29 03:43:41 | Re: How to get SE-PostgreSQL acceptable |