Re: [v9.2] Add GUC sepgsql.client_label

From: Yeb Havinga <yebhavinga(at)gmail(dot)com>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>, PgHacker <pgsql-hackers(at)postgresql(dot)org>, Joshua Brindle <jbrindle(at)tresys(dot)com>
Subject: Re: [v9.2] Add GUC sepgsql.client_label
Date: 2012-03-16 07:44:17
Message-ID: 4F62EF51.2080803@gmail.com
Lists: pgsql-hackers

On 2012-03-15 21:45, Robert Haas wrote:
> On Wed, Mar 14, 2012 at 11:10 AM, Kohei KaiGai<kaigai(at)kaigai(dot)gr(dot)jp> wrote:
>> If it is ready to commit, please remember the credit to Yeb's volunteer
>> on this patch.
> Done.
>
In the patch with copy-editing documentation following that commit, at
"in at their option", s/in// ? Also 'rather than .. as mandated by the
system': I'm having trouble parsing 'as'. It is also unclear to me what
'system' means: selinux or PostgreSQL, or both? I suspect it is
PostgreSQL, since selinux is still enforcing / 'mandating' its policy.
What about "rather than that the switch is controlled by the PostgreSQL
server, as in the case of a trusted procedure."

+ Dynamic domain transitions should be considered carefully, because they
+ allow users to switch their label, and therefore their privileges, in
+ at their option, rather than (as in the case of a trusted procedure)
+ as mandated by the system.
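
Review bot: The added text reads "in at their option" across the second and third lines, where the trailing "in" is a leftover word and should be dropped so the phrase is "at their option". In the last two lines, "rather than (as in the case of a trusted procedure) as mandated by the system" stacks two "as" clauses and leaves "the system" undefined; naming the component that mandates the transition and moving the parenthetical to the end of the sentence would let it parse on first read.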

--
Yeb Havinga
http://www.mgrid.net/
Mastering Medical Data
