On Thursday 11 December 2008 18:24:54 KaiGai Kohei wrote:
> Peter Eisentraut wrote:
> > On Thursday 11 December 2008 17:09:25 Tom Lane wrote:
> >> I think there should be only *one* underlying column and that it should
> >> be manipulable by either SQL commands or selinux. Otherwise you're
> >> making a lie of the primary argument for having the SQL feature at all.
> >
> > Well, an SQL-manipulated row security column will probably have a content
> > like
> >
> > {joe=rw/bob,staff=r/bob}
> >
> > An SELinux-aware row security column will probably have a content like
> >
> > blah_t:foo_t:quux_t
> >
> > And a Solaris TX-aware security column will probably have a content like
> >
> > Classified
> >
> > How can we stick all of these in the same column at the same time?
>
> To choose it on compile-time option is the most simple approach.
As mentioned before, compile-time options to choose between these variants in
a mutually exlusive manner is not acceptable.
Plus, using two of these together, or even three, is certainly useful and
reasonable in some uses.
