Re: [v9.2] Add GUC sepgsql.client_label - Mailing list pgsql-hackers

From Yeb Havinga
Subject Re: [v9.2] Add GUC sepgsql.client_label
Date
Msg-id 4F62EF51.2080803@gmail.com
Whole thread Raw
In response to Re: [v9.2] Add GUC sepgsql.client_label  (Robert Haas <robertmhaas@gmail.com>)
Responses Re: [v9.2] Add GUC sepgsql.client_label
List pgsql-hackers
On 2012-03-15 21:45, Robert Haas wrote:
> On Wed, Mar 14, 2012 at 11:10 AM, Kohei KaiGai<kaigai@kaigai.gr.jp>  wrote:
>> If it is ready to commit, please remember the credit to Yeb's volunteer
>> on this patch.
> Done.
>
In the patch with copy-editing documentation following that commit, at 
"in at their option", s/in// ? Also 'rather than .. as mandated by the 
system': I'm having trouble parsing 'as'. It is also unclear to me what 
'system' means: selinux or PostgreSQL, or both? I suspect it is 
PostgreSQL, since selinux is still enforcing / 'mandating' it's policy. 
What about "rather than that the switch is controlled by the PostgreSQL 
server, as in the case of a trusted procedure."

+    Dynamic domain transitions should be considered carefully, because they
+    allow users to switch their label, and therefore their privileges, in
+    at their option, rather than (as in the case of a trusted procedure)
+    as mandated by the system.

-- 
Yeb Havinga
http://www.mgrid.net/
Mastering Medical Data



pgsql-hackers by date:

Previous
From: Ants Aasma
Date:
Subject: Re: pg_upgrade and statistics
Next
From: Andres Freund
Date:
Subject: Re: Command Triggers, v16