| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Yuli Khodorkovskiy <yuli(dot)khodorkovskiy(at)crunchydata(dot)com>, Kohei KaiGai <kaigai(at)heterodb(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: add a MAC check for TRUNCATE |
| Date: | 2019-09-06 15:21:45 |
| Message-ID: | CA+TgmoacuA_J=Q16g4VpEJ9J743MoqChaN8atj+g_qguuAMyHw@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Sep 6, 2019 at 10:40 AM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> There are actual reasons why the 'DELETE' privilege is *not* the same as
> 'TRUNCATE' in PostgreSQL and I'm really not convinced that we should
> just be tossing that distinction out the window for users of SELinux.
+1.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Verite | 2019-09-06 15:25:57 | Re: [PATCH] vacuumlo: print the number of large objects going to be removed |
| Previous Message | Andrew Dunstan | 2019-09-06 15:09:02 | Re: pgsql: Use data directory inode number, not port, to select SysV resour |