Bruce Momjian wrote:
Alvaro Herrera wrote:
Bruce Momjian wrote:
True, but think we would like to have all the SQL-level stuff done
first, or at least decide we don't want it at the SQL level, before
moving forward with adding fine-grained controls.
This makes no sense. We've been sitting for years on the per-row
privilege stuff, and there haven't been many takers. It doesn't look
like somebody is going to write it for 8.4, which means delaying the
inclusion of SE-Pgsql stuff just because that other thing is not done
does not favor anyone.
Well, does it make sense to add column-level privileges just for
SE-Linux? I don't think that is wise. My logic is to build the lower
levels first (SQL), then the higher levels. If that was done when the
issue was originally suggested months ago it would be done but now. I
don't see the rush to do things backwards just to get SE-Linux
capability in 8.4, but of course that is just my opinion.
As I mentioned before, it is quite natural that different security
mechanism *can* have different granualities, different decisions and
so on.
(No need to say, it *never* prevent they have same ones.)
However, I can follow the direction of the community.
If it is necessary to get merged SE-PostgreSQL feature in v8.4 cycle,
I'll begin to design and implement the fine-grained-only feature sooon.
In my hope, could you make progress reviewing SE-PostgreSQL feature
during last half of the September and the October? It is necessary
for load balancing of folks.
Anyway, we have just only 35 days. If possible, I wanted to get
such a funfamental suggestion more ealier. :(
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <[EMAIL PROTECTED]>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
