Re: rest of works for security providers in v9.1

2010/12/13 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
>>> It is a good news for me also, because I didn't imagine SE-PostgreSQL
>>> module getting upstreamed, even if contrib module.
>>>
>>> OK, I'll focus on the works to merge the starter-version of SE-PostgreSQL
>>> as a contrib module in the last commit fest.
>>>
>>> Probably, I need to provide its test cases and minimum documentations
>>> in addition to the code itself. Anything else?
>>
>> Extremely detailed instructions on how to test it.
>>
> Indeed, it will be necessary.
>
> Two more questions:
> How does the contrib module behave when we try to make all the
> contrib modules on the platform that doesn't provide libselinux?
> One idea is to add a few checks about selinux environment in
> the configure script.

That sounds about right. Presumably, the handling would be similar to
what we already do for sslinfo, uuid-ossp, or xml2.

> I counted number of lines of the sepgsql module that implement
> only currently supported hooks. It has 3.2KL of code not.

Uh, wow. That's rather surprising. I thought that it would be
measured in hundreds of lines. Aren't the hooks that we implemented a
pretty close match for what SE-Linux needs? What is all that code
doing?

> How about scale of the patch to review?

Are there some inessential portions that we could strip out for v1?

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company