On Sat, Oct 17, 2009 at 9:53 AM, Heikki Linnakangas <heikki.linnakan...@enterprisedb.com> wrote: > This raises an important point: We need *developer documentation* on how > to write SE-Pgsql compliant permission checks. Not only for authors of > 3rd party modules but for developers of PostgreSQL itself. Point 2) > above needs to be emphasized, it's a big change in the way permission > checks have to be programmed. One that I hadn't realized before. I > haven't been paying much attention, but neither is most other > developers, so we need clear documentation.
This is a good point. All throughout these discussions, there has been a concern that whatever is implemented here will be unmaintainable because we don't have any committers who are familiar with the ins and outs of SE-Linux and MAC (and not too many other community members interested in the topic, either). So some developer documentation seems like it might help. On the other hand, KaiGai has made several attempts at documentation and several attempts at patches and we're not really any closer to having SE-PostgreSQL in core than we were a year ago. I think that's partly because KaiGai tried to bite off far too much initially (still?), partly because of technical problems with the patches, partly because the intersection of people who are experts in PostgreSQL and people who are experts in MAC seems to be empty, and partly because, as much as people sorta kinda like this feature, nobody other than KaiGai has really been willing to step up and pour into this project the kind of resources that it will likely require to be successful. I have to admit that I'm kind of giving up hope. We seem to be going in circles, and I don't think anything new is being said on this thread that hasn't been said before. ...Robert -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
