| From: | Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SE-PgSQL patch review |
| Date: | 2009-11-25 08:34:32 |
| Message-ID: | 20091125173432.92A5.52131E4D@oss.ntt.co.jp |
| Lists: | pgsql-hackers |

KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> wrote:
> >>> ==== Internal structures ====
> http://wiki.postgresql.org/wiki/SEPostgreSQL_Architecture#Interaction_between_pg_security_system_catalog
>
> In the SELinux model, a massive number of objects share a limited number of
> security contexts (e.g. more than 100 tables may have the same one); this
> design (it stores the "security label OID" within the tuple header) is well
> suited for database objects.

What plan do you have for the system columns added by the patch
(datsecon, nspsecon, relsecon, etc.) after we have the security_id
system column? Will we have duplicated features then?

Even if system tables don't use security_id columns, should the data type
of *secon be oid instead of text? I think pg_security described in the wiki
page is useful even if we only have object-level security.

How about adding pg_security and changing the type of *secon to oid?

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center