Re: sepgsql and materialized views

From: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Noah Misch <noah(at)leadboat(dot)com>, Kevin Grittner <kgrittn(at)ymail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: sepgsql and materialized views
Date: 2013-07-06 05:34:22
Message-ID: CADyhKSVYvWTi8efXMxCSW-L1GFnkCoruSBxt2FSVNjFkX6hARw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Unfortunately, I could not get consensus of design on selinux policy side.
Even though my opinion is to add individual security class for materialized
view to implement refresh permission, other people has different opinion.
So, I don't want it shall be a blocker of v9.3 to avoid waste of time.
Also, I'll remind selinux community on this issue again, and tries to handle
in another way from what I proposed before.

Thanks,

2013/7/5 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Noah Misch <noah(at)leadboat(dot)com> writes:
>> On Fri, Feb 08, 2013 at 02:51:40PM +0100, Kohei KaiGai wrote:
>>> I'll have a discussion about new materialized_view object class
>>> on selinux list soon, then I'll submit a patch towards contrib/sepgsql
>>> according to the consensus here.
>
>> Has this progressed?
>
>> Should we consider this a 9.3 release blocker? sepgsql already has a red box
>> warning about its limitations, so adding the limitation that materialized
>> views are unrestricted wouldn't be out of the question.
>
> Definitely -1 for considering it a release blocker. If KaiGai-san can
> come up with a fix before we otherwise would release 9.3, that's great,
> but there's no way that sepgsql has a large enough user community to
> justify letting it determine the release schedule.
>
> regards, tom lane

--
KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2013-07-06 05:39:32 Re: [COMMITTERS] pgsql: PL/Python: Convert numeric to Decimal
Previous Message Michael Paquier 2013-07-06 05:09:22 Re: Changing recovery.conf parameters into GUCs