Good morning, I started to follow the discussion.
(Time difference is uncomfortable for me!)

>> adding SELinux support for the existing levels of access control in PG
> 
> is
> 
> - table/column level access controls
> - permission checks on database login
> - permission checks on function invocation
>  - they need a facility to manage security label
> - I want permission checks on loading a library,
>   though existing PG checks superuser() only.
> 
> and
> - removing PGACE, integrate SEPG code into core
> - permission checks on largeobjects is postponed
> - row level security is postponed (NOT REJECTED!)
>  - so, writable system column is also postponed

If I postponed a part of the functionality as Stephen suggested,
how many lines could be reduced? This is a quick estimation.

Currently, the main patch has:
  110 files changed, 9813 insertions(+), 16 deletions(-), 924 modifications(!)

* src/backend/commands/copy.c              |  293 +++!
  Most of them are to support writable system column,
  so about -300 lines are expected.
* src/backend/executor/execMain.c          |  209 +++
  Most of them are to support writable system column,
  so about -200 lines are expected
* src/backend/security/pgaceCommon.c       |  729 ++++++++++++
  It will get scrapped, but management of security attribute
  has to SELinux specific code, so -250 lines are expected
* src/backend/security/pgaceHooks.c        | 1547 ++++++++++++++++++++++++++
  It will be gone, so -1550 lines are expected
* src/backend/security/rowacl/rowacl.c     |  721 ++++++++++++
  It will be postponed, -700 lines are expected
* src/backend/security/sepgsql/hooks.c     | 1019 +++++++++++++++++
  A part of permission checks (aka row,blob) is postponed,
  so -300 lines are expected.
* src/include/security/pgace.h             |  181 +++
* src/include/security/rowacl.h            |   41
  It will be gone, so -200 lines are expected

In total, -3,200 lines are expected.
In addition, any other small-sized stuff can be postponed.

Thanks,
-- 
OSS Platform Development Division, NEC
KaiGai Kohei <kai...@ak.jp.nec.com>
