From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Yuli Khodorkovskiy <yuli(dot)khodorkovskiy(at)crunchydata(dot)com>, Kohei KaiGai <kaigai(at)heterodb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
Subject: | Re: add a MAC check for TRUNCATE |
Date: | 2019-09-06 15:21:45 |
Message-ID: | CA+TgmoacuA_J=Q16g4VpEJ9J743MoqChaN8atj+g_qguuAMyHw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Fri, Sep 6, 2019 at 10:40 AM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> There are actual reasons why the 'DELETE' privilege is *not* the same as
> 'TRUNCATE' in PostgreSQL and I'm really not convinced that we should
> just be tossing that distinction out the window for users of SELinux.
+1.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Daniel Verite | 2019-09-06 15:25:57 | Re: [PATCH] vacuumlo: print the number of large objects going to be removed |
Previous Message | Andrew Dunstan | 2019-09-06 15:09:02 | Re: pgsql: Use data directory inode number, not port, to select SysV resour |