Bruce Momjian wrote:
> Alvaro Herrera wrote:
> > Bruce Momjian wrote:
> >
> > > True, but think we would like to have all the SQL-level stuff done
> > > first, or at least decide we don't want it at the SQL level, before
> > > moving forward with adding fine-grained controls.
> >
> > This makes no sense. We've been sitting for years on the per-row
> > privilege stuff, and there haven't been many takers. It doesn't look
> > like somebody is going to write it for 8.4, which means delaying the
> > inclusion of SE-Pgsql stuff just because that other thing is not done
> > does not favor anyone.
>
> Well, does it make sense to add column-level privileges just for
> SE-Linux?
That's the wrong question. The question here is: does it make sense to
have per-row permissions implemented on top of an abstraction layer
whose sole current implementation is SE-Linux?
I think the answer is yes, because (as others have said) if we ever want
to have SQL-level per-row permissions, then we can implement them with
no change to the patch currently in discussion.
(Note that it has been said that this abstraction layer could easily be
"ported" to work on TrustedSolaris, and probably other OS-level security
mechs)
> I don't think that is wise. My logic is to build the lower levels
> first (SQL), then the higher levels.
Why are you saying that SQL is the lower level? I don't think there's a
"lower" and "upper" layer here. Neither can be built on top of the
other one, because they are orthogonal.
> If that was done when the issue was originally suggested months ago it
> would be done but now. I don't see the rush to do things backwards
> just to get SE-Linux capability in 8.4, but of course that is just my
> opinion.
:-) My opinion here is that doing it is not backwards.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
