On Friday 17 July 2009 06:10:12 Robert Haas wrote: > 2009/7/16 KaiGai Kohei <kai...@ak.jp.nec.com>: > > Yes, the tiny version will not give any advantages in security without > > future enhancements. > > It is not difficult to add object classes and permissions. > > If necessary, I'll add checks them with corresponding permissions. > > > > One anxiety is PostgreSQL specific object class, such as LANGUAGE. > > It's not clear for me whether the maintainer of the SELinux security > > policy accept these kind of object classes, or not. > > I would like to implement them except for PostgreSQL specific object > > class in this phase. > > I'm starting to think that there's just no hope of this matching up > well enough with the way PostgreSQL already works to have a chance of > being accepted.
What I'm understanding here is the apparent requirement that the SEPostgreSQL implementation be done in a way that a generic SELinux policy that has been written for an operating system and file system can be applied to PostgreSQL without change and do something useful. I can see merits for or against that. But in any case, this needs to be clarified, if I understand this requirement correctly anyway. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers