Joshua Drake wrote: > On Wed, 24 Sep 2008 11:58:58 -0400 > Tom Lane <[EMAIL PROTECTED]> wrote: > > > The objection comes down to this: it's an extremely large, invasive, > > and probably performance-losing patch, which apparently will be of use > > to only a rather small set of people. It's not unreasonable to > > discuss just how large that set might be while we debate whether to > > accept the patch. > > I know of no one that really uses SELinux because it is a nightmare. On > the other hand, this type of security is required to get into certain > scary tin foil hat producing institutions. > > Do we want want to target those respective types of installs. If so, > then we have no choice but to try and make this patch (or similar) > work. If not, then I believe it is entirely too large of a change to > even bother with.
I think if we get the SQL-level stuff we want implemented we can see much better how much code SE-Linux support requires. For example, as the patch stands we have SE-Linux-specific tuple header fields, which seems like major overkill, but if the fields were already there for SQL feature capability the SE-Linux patch would be much less invasive. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
