| From: | "Robert Haas" <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | "KaiGai Kohei" <kaigai(at)kaigai(dot)gr(dot)jp> |
| Cc: | "KaiGai Kohei" <kaigai(at)ak(dot)jp(dot)nec(dot)com>, "Peter Eisentraut" <peter_e(at)gmx(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) |
| Date: | 2008-09-19 17:42:18 |
| Message-ID: | 603c8f070809191042n1945a319uf133f1bd981302e1@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> It's too early to vote. :-)
>
> The second and third option have prerequisite.
> The purpose of them is to match granularity of access controls
> provided by SE-PostgreSQL and native PostgreSQL. However, I have
> not seen a clear reason why these different security mechanisms
> have to have same granuality in access controls.
Have you seen a clear reason why they should NOT have the same granularity?
I realize that SELinux has become quite popular and that a lot of
people use it - but certainly not everyone. There might be some parts
of the functionality that are not really severable, and if that is the
case, fine. But I think there should be some consideration of which
parts can be usefully exposed via SQL and which can't. If the parts
that can be are independently useful, then I think they should be
available, but ultimately that's a judgment call and people may come
to different conclusions.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2008-09-19 17:50:32 | Re: Assert Levels |
| Previous Message | KaiGai Kohei | 2008-09-19 16:48:33 | Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep) |