Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>
Subject: Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)
Date: 2008-12-05 03:41:18
Message-ID: 200812050341.mB53fIs23768@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

KaiGai Kohei wrote:
> >> I don't oppose to elimination of "--disable-row-acl" options, however,
> >> it is not clear for me whether it should be unavoidable selection in
> >> the future, or not.
> >
> > Look at the existing configure options; we don't remove features via
> > configure unless it is for some platform-specific reason. Please remove
> > the configure option and make it always enabled.
>
> OK, I'll update it in the next patch set.

Good. I assume the SQL-row security patch is not testable alone with
out the rest of the patches, right?

> >>> I assume that could just be always enabled.
> >> It is not "always" enabled. When we build it with SE-PostgreSQL feature,
> >> rest of enhanced security features (includes the row-level ACL) are
> >> disabled automatically, as we discussed before.
> >
> > Oh. Is that because we use SE-Linux row-level security when
> > SE-PostgreSQL is enabled? I guess that makes sense.
>
> Yes, when SE-PostgreSQL is enabled, it provides row-level security,
> and the per-tuple security field is used to show its security context.

Yes, that seems fine.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Euler Taveira de Oliveira 2008-12-05 03:43:58 Re: portability of "designated initializers"
Previous Message KaiGai Kohei 2008-12-05 03:33:21 Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)