>> Even if I implement SE-PostgreSQL as a loadable module, core
>> PostgreSQL has to provide proper hooks in strategic points and
>> facilities to manage security attribute (pg_security system catalog
>> and security_label system column).
>> If you require to implement it without these facilities, I think
>> it is impossible and prefer scraping PGACE and integrate SE- code
>> into core.
>
> I am not in a position to require anything since I am not a committer,
> but I would think that you would need to convince people that the
> facilities which your plugin requires were pretty much the same as the
> facilities that any other future plugin might require - that the
> plugin framework was client-agnostic.
We (as a security folks) know any MAC facility have similar
architecture called as reference monitor, so I believe it is
quite possible to implement them as same basis.
But it is a hard request to take an evidence immediately.
IMO, the framework is purely implementation matter, so it is
not late when the second one appeared.
As I noted to another message, I can accept to integrate limited
functional SE-PostgreSQL without any PGACE.
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
