Andrew Dunstan wrote:
>
>
> Josh Berkus wrote:
>> Joshua, Kohei-san,
>>
>> So, for 8.4: *if* we included in 8.4 a version of SEPostgres with all
>> features *except* row-level security, would it still be useful to the
>> SELinux community?
>>
>> I think we're just not going to work out the headache-inducing issues
>> around row-level security in time for 8.4, and it seems to me that
>> integrated system-level security labels at the table-and-column level
>> are still very useful, even without row-level security.
>
> Hasn't a plan for this already been posted? See
> http://archives.postgresql.org/pgsql-hackers/2009-01/msg02407.php
FYI:
* previous full-functional SE-PostgreSQL/Row-ACLs
[kaigai@fedora10 security]$ wc -l *.c */*.c 729 pgaceCommon.c 1547 pgaceHooks.c 721 rowacl/rowacl.c 1200
sepgsql/avc.c 623 sepgsql/core.c 1019 sepgsql/hooks.c 785 sepgsql/permissions.c 1097 sepgsql/proxy.c 7721 total
* A lite SE-PostgreSQL without row-level security, large object support, writable system column
[kaigai@fedora10 sepgsql]$ wc -l *.c 904 checker.c 1181 avc.c 360 core.c 55 dummy.c 683 hooks.c 478 label.c
553 perms.c 4214 total
Today, I'll debug the modified code...
--
KaiGai Kohei <kaigai@kaigai.gr.jp>