Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)

Peter Eisentraut wrote:
> KaiGai Kohei wrote:
> > I don't agree. What is the reason why? It has been unclear for me.
> >
> > The PGACE security framework is designed to allow users to choose
> > an enhanced security mechanism from some of provided options.
> > (Currently, we have sepgsql and rowacl.)
> > It is quite natural that one is disabled when the other is enabled.
>
> As a general rule, mutually exclusive features as compile-time option
> should be avoided at all costs. Since most people use binary packages,
> forcing the packager to make such a choice will always make a lot of
> people unhappy, or alternatively cause one of the features to bitrot.
>
> As a secondary rule, mutually exclusive features should be avoided at
> all, without a compelling reason. I don't see such a reason here.

I think there is a reason to have SE-Linux be compile-time because there
is no way to know at run time if the OS has the SE-Linux libraries,
right? I assume this is similar to how we do LDAP.

But your larger point is that SQL-row-level security should always be
available, which I just posted about.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +