Greg Stark <st...@enterprisedb.com> writes: > I think we're talking at cross purposes here. I think Kai Gai's > descriptions make sense if you start with a different set of > assumptions. The idea behind SELinux is that each individual object is > access controlled and each user has credentials which grant access to > specific operations on specific objects. As I understand it part of > the goal is to eliminate situations where "setuid" or other forms of > privilege escalation is required.
Well, if so, the idea is a miserable failure. SELinux has just as many setuid programs as any other Unix, and absolutely zero hope of removing them. I am not going to take the idea of "remove setuid" seriously when they haven't been able to accomplish it anywhere else. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers