KaiGai Kohei <kai...@ak.jp.nec.com> writes: > Heikki Linnakangas wrote: >> Can't you have a SE-PostgreSQL policy like "disallow ACL_UPDATE on table >> X for user Y, except when current user is owner of X"?
> It seems to me a quite ad-hoc idea. That's rather a silly charge to be leveling when your own proposal is such a horrid kluge as this one. As near as I can tell, you intend that SELinux will be unable to prohibit SELECT FOR UPDATE because it cannot tell the difference between that and a foreign key reference. If that isn't a hack, I don't know what is. regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers