On Fri, 2010-08-06 at 11:02 -0400, Robert Haas wrote:
> At PGCon, we discussed the possibility that a minimal SE-PostgreSQL
> implementation would need little more than a hook in
> ExecCheckRTPerms() [which we've since added] and a security label
> facility [for which KaiGai has submitted a patch]. I actually sat
> down to write the security label patch myself while we were in Ottawa,
> but quickly ran into difficulties: while the hook we have now can't do
> anything useful with objects other than relations, it's pretty clear
> from previous discussions on this topic that the demand for labels on
> other kinds of objects is not going to go away. Rather than adding
> additional syntax to every object type in the system (some of which
> don't even have ALTER commands at present), I suggested basing the
> syntax on the existing COMMENT syntax. After some discussion[1], we
> seem to have settled on the following:
>
> SECURITY LABEL [ FOR <provider> ] ON <object class> <object name> IS '<label>';
I understand the concept and it seems like it might work. Not too keen
on pretending a noun is a verb. That leads to erroring.
<verb> SECURITY LABEL? verb = CREATE, ADD, ...
Can't objects have more than one label?
How will you set default security labels on objects?
Where do you define labels?
Will there be a new privilege to define this? Presumably object owners
would not be able to set that themselves, otherwise you could create an
object, add a security label to it and then use it to see other things
at that level.
-- Simon Riggs www.2ndQuadrant.comPostgreSQL Development, 24x7 Support, Training and Services
