| From: | KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | PgSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: shared_preload_libraries is ignored in single user mode |
| Date: | 2010-08-17 03:43:09 |
| Message-ID: | 4C6A054D.5040209@ak.jp.nec.com |
| Lists: | pgsql-hackers |
(2010/08/17 11:37), Robert Haas wrote:
>> I might have a reason why the script needs to launch in single-user
>> mode, but it is not clear right now, sorry.
>
> Another point here is that I wonder if we really need to label system
> objects at all. Are you applying the same label to all of them? If
> so, perhaps it might be feasible to set up the code so that it simply
> assumes that label for every object in the pg_catalog namespace.
>
No, SELinux provides APIs to suggest which database object should have
which security label at initialization time
(selabel_open(3), selabel_lookup(3) and selabel_close(3)).
It depends on the configuration by the system admin, so we cannot assume
a certain label for every object in a certain namespace.

> And if you're NOT setting the label the same way on all of them, then
> there's a maintenance issue to think about.
>
Right, I don't want to have multiple ways to label them.

Thanks,
--
KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>
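
The point made in the message above, that an object's initial label comes from the administrator's configuration rather than from its namespace, shown as an added example (not part of the original message, and not libselinux or PostgreSQL code): a simplified, self-contained model of the pattern lookup behind selabel_lookup(3). The two configurations, the example_*_t contexts and the first-match-wins rule are constructed assumptions.

```c
/* Added example: simplified model of a selabel_lookup(3)-style lookup.
 * Not libselinux code; all entries and contexts below are constructed. */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

struct spec {
    const char *type;     /* object class, e.g. "db_schema" */
    const char *pattern;  /* glob over the qualified object name */
    const char *context;  /* security label to suggest */
};

/* Two constructed admin configurations for the same database. */
static const struct spec site_a[] = {
    { "db_schema", "*.pg_catalog", "system_u:object_r:example_catalog_t:s0" },
    { "db_schema", "*",            "system_u:object_r:example_schema_t:s0" },
    { "db_table",  "*",            "system_u:object_r:example_table_t:s0" },
    { NULL, NULL, NULL }
};
static const struct spec site_b[] = {
    { "db_schema", "*",            "system_u:object_r:example_schema_t:s0" },
    { "db_table",  "*.pg_catalog.pg_authid", "system_u:object_r:example_secret_t:s0" },
    { "db_table",  "*",            "system_u:object_r:example_table_t:s0" },
    { NULL, NULL, NULL }
};

/* Return the context of the first entry whose type and pattern match, or
 * NULL when nothing matches. Assumption of this model: first match wins. */
const char *lookup_label(const struct spec *conf, const char *type, const char *name)
{
    for (; conf->type != NULL; conf++)
        if (strcmp(conf->type, type) == 0 && fnmatch(conf->pattern, name, 0) == 0)
            return conf->context;
    return NULL;
}

int main(void)
{
    const char *objs[][2] = {
        { "db_schema", "postgres.pg_catalog" },
        { "db_table",  "postgres.pg_catalog.pg_authid" },
        { "db_table",  "postgres.pg_catalog.pg_class" },
    };
    for (size_t i = 0; i < sizeof(objs) / sizeof(objs[0]); i++)
        printf("%-10s %-32s A=%s  B=%s\n", objs[i][0], objs[i][1],
               lookup_label(site_a, objs[i][0], objs[i][1]),
               lookup_label(site_b, objs[i][0], objs[i][1]));
    return 0;
}
```

Under these two constructed configurations the same pg_catalog objects receive different labels, which is why a label hard-coded per namespace would disagree with at least one of them.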