| From: | Yuli Khodorkovskiy <yuli(dot)khodorkovskiy(at)crunchydata(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, Joe Conway <mail(at)joeconway(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Kohei KaiGai <kaigai(at)heterodb(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org, Joshua Brindle <joshua(dot)brindle(at)crunchydata(dot)com>, Mike P <mike(dot)palmiotto(at)crunchydata(dot)com> |
| Subject: | Re: add a MAC check for TRUNCATE |
| Date: | 2019-09-26 13:45:03 |
| Message-ID: | CAFL5wJfERNr2+OAXJJE3FsdSbzWDNL6aY8EgotUW-D-mhfrRZw@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Sep 25, 2019 at 5:57 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
<snip>
> I don't see how the addition of a new permissions check could sanely
> be back-patched unless it were to default to "allow", which seems like
> an odd choice.
>
> regards, tom lane
That makes sense. Alternatively, we could back patch just the hook to
at least allow the option for an integrator to implement MAC using an
extension. Then the sepgsql changes could be back patched once the
SELinux policy has been merged into Fedora.
Thank you
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Luis Carril | 2019-09-26 13:47:28 | Re: Add FOREIGN to ALTER TABLE in pg_dump |
| Previous Message | Alvaro Herrera | 2019-09-26 13:43:27 | Re: Batch insert in CTAS/MatView code |