Stephen Frost wrote:
> KaiGai,
>
> * KaiGai Kohei (kaigai@ak.jp.nec.com) wrote:
>> I began to describe the list of abstraction layer functions (but not completed yet):
>> http://wiki.postgresql.org/wiki/SEPostgreSQL_Abstraction
>
> I'm not really a huge fan of 'security_' as a prefix for these
> functions, but I don't have a better suggestion right now.

If so, 'pgsec_' (PostGresql SECurity) instead?

> The initial abstraction patch shouldn't include the security context
> pieces. I realize that will be needed eventually, but the patch to do
> the abstraction and to formally move permissions checking to aclchk.c
> needs to stand alone. I'm also not sure that the API of having the
> security context be returned as a Datum makes sense..

OK, I'll add pieces corresponding to the security context on the second
patch (SE-PostgreSQL patch).

> Doesn't security_table_permissions() need to know if the query is an
> UPDATE or an INSERT?

Either ACL_UPDATE or ACL_INSERT should be set on the required_perms.
Both of them are never set at the same time.

Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@ak.jp.nec.com>