On Sat, Jul 25, 2009 at 11:06:37AM -0400, Tom Lane wrote: > There had better still be superusers. Or do you want the correctness > of your backups to depend on whether your SELinux policy is correct?
I thought the whole point of MAC was that superusers don't exist any more--at least not with the power they currently do. Organizations may well not trust specific parts of their database to certain types of backups, SE-PG should allow this to be controlled somewhat. > The first time somebody loses critical data because SELinux suppressed > it from their pg_dump output, they're going to be on the warpath. That should be solved by different methods; as "A.M" said pg_dump can complain if it doesn't see everything it expected to (which should handle the naive user case) and backdoors can be put in the scheme that will (by default?) initially allow a "backup" subject unfettered read-only access to each object. I'm expecting that this access can be revoked as needed from sensitive tables. -- Sam http://samason.me.uk/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers