KaiGai Kohei wrote: > >> If you have anything to comment for the patches, could you disclose it? > >> It is not necessary to be a comprehensive one. Don't hesitate to submit. > > > > I looked over the patch and was wondering why you chose to have a > > configure option to disable row-level ACLs. > > There are no explicit reasons. > I thought it was natural, as if we can build Linux kernel without any > enhanced security features (SELinux, SMACK and so on). > > I don't oppose to elimination of "--disable-row-acl" options, however, > it is not clear for me whether it should be unavoidable selection in > the future, or not.
Look at the existing configure options; we don't remove features via configure unless it is for some platform-specific reason. Please remove the configure option and make it always enabled. The way it should work is that the feature is always enabled, and some SQL-level commands should throw an appropriate error if SE-Linux is enabled in the build. > > I assume that could just be always enabled. > > It is not "always" enabled. When we build it with SE-PostgreSQL feature, > rest of enhanced security features (includes the row-level ACL) are > disabled automatically, as we discussed before. Oh. Is that because we use SE-Linux row-level security when SE-PostgreSQL is enabled? I guess that makes sense. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://enterprisedb.com + If your life is a hard drive, Christ can be your backup. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
