Re: Updates of SE-PostgreSQL 8.4devel patches (r1268) - Mailing list pgsql-hackers

From KaiGai Kohei
Subject Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)
Date
Msg-id 493D686D.7080305@kaigai.gr.jp
Whole thread Raw
In response to Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Updates of SE-PostgreSQL 8.4devel patches (r1268)
List pgsql-hackers
Tom Lane wrote:
> KaiGai Kohei <kaigai@ak.jp.nec.com> writes:
>> Bruce Momjian wrote:
>>> I assume that could just be always enabled.
> 
>> It is not "always" enabled. When we build it with SE-PostgreSQL feature,
>> rest of enhanced security features (includes the row-level ACL) are
>> disabled automatically, as we discussed before.
> 
> It seems like a pretty awful idea to have enabling sepostgres take away
> a feature that exists in the default build.

Why?

The PGACE security framework allows one or no enhanced security
mechanism at most. It is quite natural that the default selection
is overrided when an alternative option is chosen explicitly.

Thanks,
-- 
KaiGai Kohei <kaigai@kaigai.gr.jp>


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: cvs head initdb hangs on unixware
Next
From: "Pavel Stehule"
Date:
Subject: Re: new vacuum is slower for small tables