KaiGai Kohei wrote:
> > I hate to ask for something else from you, but I am trying to figure out
> > how we can proceed in reviewing and applying your additions. I am
> > wondering if you can produce a patch that has the SE-Linux part separate
> > so I can review the non-SE-Linux parts of the patch alone --- right now
> > I am not 100% clear on what parts are always active as row-level SQL
> > security and what needs SE-Linux to operate. I know this is an
> > additional burden on you and if it is too much to ask, please tell me.
>
> All the SELinux specific part is stored within:
> - src/include/security/sepgsq.h
> - src/backend/security/sepgsql/*
> - Blocks enclosed by "#if defined(HAVE_SELINUX)"
> in src/include/security/pgace.h
>
> SELinux related codes are never invoked without pgaceXXXX() hooks,
> so you can simply ignore the above files/parts when you are under
> the reviewing to non-SELinux parts.
> Rest of changes are commonly needed to manage security attribute
> and to inject security hooks.
>
> In all honesty, I hesitate to separate the patch again into two
> parts to be integrated later. I would be happy, if you suggested
> it a half year ago, because this feature was suggested as two
> separated patches in CommitFest:May. :(
Thanks, that's what I needed to know.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
