Re: Proposal of SE-PostgreSQL patches (for CommitFest:Sep)

Bruce Momjian wrote:
> Alvaro Herrera wrote:
>> Bruce Momjian wrote:
>>
>>> True, but think we would like to have all the SQL-level stuff done
>>> first, or at least decide we don't want it at the SQL level, before
>>> moving forward with adding fine-grained controls.
>> This makes no sense. We've been sitting for years on the per-row
>> privilege stuff, and there haven't been many takers. It doesn't look
>> like somebody is going to write it for 8.4, which means delaying the
>> inclusion of SE-Pgsql stuff just because that other thing is not done
>> does not favor anyone.
>
> Well, does it make sense to add column-level privileges just for
> SE-Linux? I don't think that is wise. My logic is to build the lower
> levels first (SQL), then the higher levels. If that was done when the
> issue was originally suggested months ago it would be done but now. I
> don't see the rush to do things backwards just to get SE-Linux
> capability in 8.4, but of course that is just my opinion.

As I mentioned before, it is quite natural that different security
mechanism *can* have different granualities, different decisions and
so on.
(No need to say, it *never* prevent they have same ones.)

However, I can follow the direction of the community.
If it is necessary to get merged SE-PostgreSQL feature in v8.4 cycle,
I'll begin to design and implement the fine-grained-only feature sooon.

In my hope, could you make progress reviewing SE-PostgreSQL feature
during last half of the September and the October? It is necessary
for load balancing of folks.

Anyway, we have just only 35 days. If possible, I wanted to get
such a funfamental suggestion more ealier. :(

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>