On Jul 25, 2009, at 11:06 AM, Tom Lane wrote:
> Sam Mason <sam@samason.me.uk> writes:
>> Yes, that seems reasonable. The fact that you're still talking about
>> "confined users" is slightly worrying and would seem to imply that
>> there is still a superuser/normal user divide--it's probably just a
>> terminology thing though.
>
> There had better still be superusers. Or do you want the correctness
> of your backups to depend on whether your SELinux policy is correct?
> The first time somebody loses critical data because SELinux suppressed
> it from their pg_dump output, they're going to be on the warpath.
This behavior is no different than when taking/using an SE-enabled
filesystem backup. And woe to the "admin" who doesn't test his
backups- caveat emptor.
Still, it would be nice if pg_dump warned or stopped if the backup it
created was completely useless (missing data dependencies), no?
Cheers,
M