On Tue, 2009-03-10 at 09:56 +0900, KaiGai Kohei wrote:
> Joshua D. Drake wrote:
...
> > Is there any possibility of having it be enabled at compile time? The
> > default would be know but those distributions that would like to make
> > use of it could?
>
> It was the design a half year ago, but Bruce suggested me a certain
> feature should not be enabled/disabled by compile time options,
> except for library/platform dependency.
>
> In addition, he also suggested
> a feature should be turned on/off by configuration option, because of
> it enables to distribute a single binary for more wider users.
>
> SE-PostgreSQL need the libselinux to communicate the in-kernel SELinux.
> So, --enable-selinux is necessary on compile time, it is fair enough.
> If we omit it, all the sepgsqlXXXX() invocations are replaced by empty
> macros.
seems ok.
Another option to disable it would be something similar to how we
currently handle DTrace ?
> If we compile it with --enable-selinux, it has two working modes
> controled by a guc option: sepostgresql (bool).
> If it is disabled, all the sepgsqlXXXX() invocations returns at
> the head of themself without doing anything.
>
> I believe this behavior follows the previous suggestion.
Have you been able to measure any speed difference between
--enable-selinux on and off ?
--
Hannu Krosing http://www.2ndQuadrant.com
PostgreSQL Scalability and Availability Services, Consulting and Training
