| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, Bruce Momjian <bruce(at)momjian(dot)us>, Joshua Brindle <method(at)manicmethod(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Josh Berkus <josh(at)agliodbs(dot)com>, PG Hackers <pgsql-hackers(at)postgresql(dot)org>, Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec> |
| Subject: | Re: Updates of SE-PostgreSQL 8.4devel patches (r1704) |
| Date: | 2009-03-10 12:35:17 |
| Message-ID: | 26232.1236688517@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> writes:
> If we drop the goal of trying to restrict what a superuser can do, is
> the patch still useful?
> One idea is to add a single "is superuser" permission to sepgsql.
The agreement back in January was that what we'd consider for 8.4 is
a patch that adds SELinux-driven enforcement of permissions checks
that already exist in Postgres. Allowing the above seems to me to
fit within that charter, but this other stuff definitely doesn't.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Gierth | 2009-03-10 12:39:10 | Re: Prepping to break every past release... |
| Previous Message | Tom Lane | 2009-03-10 12:04:35 | Re: Sampling Profler for Postgres |