| From: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Cc: | Gregory Stark <stark(at)enterprisedb(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) |
| Date: | 2008-12-11 21:05:55 |
| Message-ID: | 200812112305.57279.peter_e@gmx.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thursday 11 December 2008 21:44:39 Gregory Stark wrote:
> > Because we want to use SQL-based row access control and SELinux-based row
> > access control at the same time. Isn't this exactly one of the
> > objections upthread? Both must be available at the same time.
>
> Well I don't think anyone would actually want them *at the same time*.
> Combining multiple security models would mean you aren't actually following
> any security model.
That doesn't follow. Using DAC and MAC together is quite standard. Even if
your kernel is SELinux-enabled and has a policy, you'd still want to use
normal permission bits. Same difference here.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Vladimir Sitnikov | 2008-12-11 21:19:35 | Re: benchmarking the query planner |
| Previous Message | Peter Eisentraut | 2008-12-11 21:03:19 | Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) |