KaiGai Kohei <kaigai@kaigai.gr.jp> writes:
> Heikki Linnakangas wrote:
>> Why should it discriminate between them?
> Typically, we cannot set up a foreign key which refers to a primary key within
> a read-only table from SELinux's viewpoint.
> The vanilla access control mechanism switches the current userid, which makes it
> possible to run SELECT FOR SHARE without ACL_UPDATE, but SELinux's security model does not
> have a concept of ownership.
Should I not read that as "SELinux's security model is so impoverished
that it cannot be useful for monitoring SQL behavior"? If you don't
understand current user and ownership, it's hopeless. Trying to
distinguish SELECT FOR UPDATE instead of that is a workaround that is
only going to fix one symptom (if it even works for this, which I doubt).
There will be many more.
regards, tom lane
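The userid switch KaiGai refers to can be observed directly in vanilla PostgreSQL. The script below is an added illustration for this thread, not code from PostgreSQL, SE-PostgreSQL or either poster; the role and table names (owner_role, app_role, parent, child) are assumptions, and it assumes it is run by a superuser on a current PostgreSQL server. It gives app_role SELECT on parent but deliberately no UPDATE, so the explicit row lock app_role attempts is rejected, while the same lock taken internally by the foreign-key check succeeds because the RI trigger runs its query as the owner of the referenced table.

```sql
-- Added example (not from the thread). Run as a superuser; names are assumed.
CREATE ROLE owner_role;
CREATE ROLE app_role;

CREATE TABLE parent (id integer PRIMARY KEY);
CREATE TABLE child  (parent_id integer REFERENCES parent (id));
ALTER TABLE parent OWNER TO owner_role;
ALTER TABLE child  OWNER TO owner_role;

INSERT INTO parent VALUES (1);

-- app_role may read parent but may not update it, and may insert into child.
-- No UPDATE on parent means no FOR SHARE / FOR KEY SHARE lock for app_role.
GRANT SELECT ON parent TO app_role;
GRANT INSERT ON child  TO app_role;

SET ROLE app_role;

-- Explicit row lock as app_role: rejected, because SELECT ... FOR SHARE
-- (like FOR KEY SHARE) requires UPDATE privilege on the table.
SELECT id FROM parent WHERE id = 1 FOR SHARE;

-- Foreign-key check as app_role: accepted. The RI trigger issues its own
-- SELECT ... FOR KEY SHARE on parent, but only after switching the current
-- userid to parent's owner (owner_role), so the ACL check passes.
INSERT INTO child VALUES (1);

RESET ROLE;
```

Run the two statements after SET ROLE as separate commands rather than inside one transaction block, since the first one fails with a permission error and would otherwise abort the transaction before the INSERT runs. The contrast is the point of the thread: vanilla access control can grant the lock to the trigger by switching identity to the owner, which is exactly the notion a model without ownership has nothing to map onto.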