Tom Lane wrote:
> KaiGai Kohei <kaigai@ak.jp.nec.com> writes:
> > Bruce Momjian wrote:
> >> I assume that could just be always enabled.
>
> > It is not "always" enabled. When we build it with the SE-PostgreSQL feature,
> > the rest of the enhanced security features (including the row-level ACL) are
> > disabled automatically, as we discussed before.
>
> It seems like a pretty awful idea to have enabling sepostgres take away
> a feature that exists in the default build.

Agreed. The problem is that the security column used for SQL-level row
security is reused to hold the SE-Linux ACL when SE-Linux is enabled. I
suppose the only way to enable them both in an SE-Linux build would be
to use a new optional column for SE-Linux and keep the SQL-level row
security optional column unchanged.

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +