(2010/08/17 11:37), Robert Haas wrote: >> I might have a reason why the script need to launch in single-user >> mode, but it is not clear right now, sorry. > > Another point here is that I wonder if we really need to label system > objects at all. Are you applying the same label to all of them? If > so, perhaps it might be feasible to set up the code so that it simply > assumes that label for every object in the pg_catalog namespace. > No, SELinux provides APIs to suggest what database object should have what security label on initialization time. (selabel_open(3), selabel_lookup(3) and selabel_close(3))
It depends on configurations by system admin, so we cannot assume a certain label for every object in a certain namespace. > And if you're NOT setting the label the same way on all of them, then > there's a maintenance issue to think about. > Right, I don't want to have multiple way to label them. Thanks, -- KaiGai Kohei <kai...@ak.jp.nec.com> -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers