Peter Eisentraut <peter_e@gmx.net> writes:
> Aidan Van Dyk wrote:
>> Actually, I'ld go one stroke farther, and ask:
>> Does it make sense to introduce a bunch of features that are only
>> usable to people *able to write proper SELinux policy sets* (or whatever
>> they are called).
> I consider this a valid concern, but given that some people want MAC and
> no one has shown a better way to implement MAC than SELinux, you can
> hardly use that as an objection against this particular patch.
The objection comes down to this: it's an extremely large, invasive,
and probably performance-losing patch, which apparently will be of use
to only a rather small set of people. It's not unreasonable to discuss
just how large that set might be while we debate whether to accept the
patch.
regards, tom lane