KaiGai Kohei escribió: > There are two cases when we create a new object. > > 1) create a new object without any explicit security context. > If we don't have statement support, it is the only case. > In this case, SELinux computes a default security context to be assigned > on the new object. It depends on the client's security context. > Then, it checks "create" permission on a pair of the client's security > context and the default security context. If not allowed, an error will > be raised.
So, following this path, it is possible to write pg_dump support without a explicit security contexts: you have to make pg_dump write out the different tuples under different users. So you'd have more than one data object in the dump output for each table, one for every existing security context. This seems extremely difficult and intrusive however. It seems that having explicit security contexts in statements is necessary for this area to be reasonably simple. Now, let's assume that COPY data includes the security context for each tuple in the output. How is that data restored? Would you need to grant super-SEPostgres privileges to the user restoring the data? -- Alvaro Herrera http://www.CommandPrompt.com/ PostgreSQL Replication, Consulting, Custom Development, 24x7 support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
