On Friday 17 July 2009 06:10:12 Robert Haas wrote:
> 2009/7/16 KaiGai Kohei <kaigai@ak.jp.nec.com>:
> > Yes, the tiny version will not give any advantages in security without
> > future enhancements.
> > It is not difficult to add object classes and permissions.
> > If necessary, I'll add checks them with corresponding permissions.
> >
> > One anxiety is PostgreSQL specific object class, such as LANGUAGE.
> > It's not clear for me whether the maintainer of the SELinux security
> > policy accept these kind of object classes, or not.
> > I would like to implement them except for PostgreSQL specific object
> > class in this phase.
>
> I'm starting to think that there's just no hope of this matching up
> well enough with the way PostgreSQL already works to have a chance of
> being accepted.
What I'm understanding here is the apparent requirement that the SEPostgreSQL
implementation be done in a way that a generic SELinux policy that has been
written for an operating system and file system can be applied to PostgreSQL
without change and do something useful. I can see merits for or against that.
But in any case, this needs to be clarified, if I understand this requirement
correctly anyway.
