From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
---|---|
To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
Cc: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Bruce Momjian <bruce(at)momjian(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1197) |
Date: | 2008-11-18 07:05:36 |
Message-ID: | 1226991936.3790.71.camel@ebony.2ndQuadrant |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, 2008-11-18 at 15:02 +0900, KaiGai Kohei wrote:
> If we focus on the CreateTemplateTupleDesc(), 5 of call points give
> possibile "hasoid" argument, and rest of them always give "false".
> I guess it will be same in the security context cases.
> However, we have to change all the call points when the declaration
> is changed.
Looks promising.
> > Another way would be to include a security context in all newly
> created
> > tuples, but remove it during heap_update, heap_insert etc if it is
> > unused by the relation. That seems more straightforward.
>
> It is not a reasonable option.
>
> The length of HeapTupleData is determined during heap_form_tuple(),
> and it is unchanged later. Thus, we have to interpose here, as object
> identifier doing.
Currently yes. Is there a reason not to? Do we rely on the tuple length
staying same after those operations?
Just considering multiple ways of making the context optional.
> >> Some of distributions now provides SELinux option, but not a
> default.
> >> I know Debian, Ubuntu, Gentoo and SuSE are doing.
> >
> > SUSE?
>
> The "u" might be a large-letter.
Sorry, I wasn't correcting your spelling! :-)
I was asking whether Su/USE are definitely supporting SELinux now? I
have not heard that.
--
Simon Riggs www.2ndQuadrant.com
PostgreSQL Training, Services and Support
From | Date | Subject | |
---|---|---|---|
Next Message | KaiGai Kohei | 2008-11-18 07:51:33 | Re: Updates of SE-PostgreSQL 8.4devel patches (r1197) |
Previous Message | Jeff Davis | 2008-11-18 06:42:21 | Re: Patch Review Complete: Multi-Batch Hash Join Improvements |