Even if I implement SE-PostgreSQL as a loadable module, core
PostgreSQL has to provide proper hooks in strategic points and
facilities to manage security attribute (pg_security system catalog
and security_label system column).
If you require to implement it without these facilities, I think
it is impossible and prefer scraping PGACE and integrate SE- code
into core.
I am not in a position to require anything since I am not a committer,
but I would think that you would need to convince people that the
facilities which your plugin requires were pretty much the same as the
facilities that any other future plugin might require - that the
plugin framework was client-agnostic.
We (as a security folks) know any MAC facility have similar
architecture called as reference monitor, so I believe it is
quite possible to implement them as same basis.
But it is a hard request to take an evidence immediately.
IMO, the framework is purely implementation matter, so it is
not late when the second one appeared.
As I noted to another message, I can accept to integrate limited
functional SE-PostgreSQL without any PGACE.
Thanks,
--
KaiGai Kohei <kai...@kaigai.gr.jp>
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
