On Thursday 11 December 2008 21:44:39 Gregory Stark wrote: > > Because we want to use SQL-based row access control and SELinux-based row > > access control at the same time. Isn't this exactly one of the > > objections upthread? Both must be available at the same time. > > Well I don't think anyone would actually want them *at the same time*. > Combining multiple security models would mean you aren't actually following > any security model.
That doesn't follow. Using DAC and MAC together is quite standard. Even if your kernel is SELinux-enabled and has a policy, you'd still want to use normal permission bits. Same difference here. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
